{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","type":"npm","namespace":"","name":"openclaw","version":"2026.2.24","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2026.3.25","latest_non_vulnerable_version":"2026.4.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71704?format=json","vulnerability_id":"VCID-12a9-am5h-9fch","summary":"OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35626","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31155","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35626"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35626","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35626"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead","reference_id":"651dc7450b68a5396a009db78ef9382633707ead","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead"},{"reference_url":"https://github.com/advisories/GHSA-rm59-992w-x2mv","reference_id":"GHSA-rm59-992w-x2mv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm59-992w-x2mv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv","reference_id":"GHSA-rm59-992w-x2mv","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook","reference_id":"openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35626","GHSA-rm59-992w-x2mv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12a9-am5h-9fch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79829?format=json","vulnerability_id":"VCID-13uy-bfur-93c9","summary":"OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactly four transparent dispatch wrappers like repeated env invocations before /bin/sh -c to bypass security=allowlist approval gating by misaligning classification with execution planning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27183","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03749","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27183"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0","reference_id":"2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:00:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27183","reference_id":"CVE-2026-27183","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27183"},{"reference_url":"https://github.com/advisories/GHSA-r6qf-8968-wj9q","reference_id":"GHSA-r6qf-8968-wj9q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6qf-8968-wj9q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6qf-8968-wj9q","reference_id":"GHSA-r6qf-8968-wj9q","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:00:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6qf-8968-wj9q"},{"reference_url":"https://vulncheck.com/advisories/openclaw-mar-shell-approval-gating-bypass-via-dispatch-wrapper-depth-mismatch","reference_id":"openclaw-mar-shell-approval-gating-bypass-via-dispatch-wrapper-depth-mismatch","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:00:14Z/"}],"url":"https://vulncheck.com/advisories/openclaw-mar-shell-approval-gating-bypass-via-dispatch-wrapper-depth-mismatch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["CVE-2026-27183","GHSA-r6qf-8968-wj9q"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13uy-bfur-93c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359970?format=json","vulnerability_id":"VCID-1cbb-8u8n-dqa8","summary":"Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35618","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35618"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7","reference_id":"GHSA-cg6c-q2hx-69h7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7"},{"reference_url":"https://github.com/advisories/GHSA-j56c-wpqm-h24x","reference_id":"GHSA-j56c-wpqm-h24x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j56c-wpqm-h24x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373851?format=json","purl":"pkg:npm/openclaw@2026.3.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"}],"aliases":["GHSA-j56c-wpqm-h24x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cbb-8u8n-dqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65586?format=json","vulnerability_id":"VCID-1f2r-y41u-y7b4","summary":"OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they know an approval id.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43574","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11333","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43574"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/65714","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/65714"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43574","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43574"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd","reference_id":"0a105c0900de701d2ee9f1abc96b017afbd0afdd","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd"},{"reference_url":"https://github.com/advisories/GHSA-49cg-279w-m73x","reference_id":"GHSA-49cg-279w-m73x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49cg-279w-m73x"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x","reference_id":"GHSA-49cg-279w-m73x","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists","reference_id":"openclaw-improper-authorization-via-empty-approver-lists","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373522?format=json","purl":"pkg:npm/openclaw@2026.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"}],"aliases":["CVE-2026-43574","GHSA-49cg-279w-m73x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f2r-y41u-y7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360149?format=json","vulnerability_id":"VCID-1gsf-j6g3-4fd7","summary":"OpenClaw: Silent privilege escalation via gateway shared-auth reconnect\n## Summary\n\nGateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSilent local shared-auth reconnects could previously auto-approve `scope-upgrade` requests and widen a paired device from `operator.read` to `operator.admin`. Commit `81ebc7e0344fd19c85778e883bad45e2da972229` blocks silent reconnect scope upgrades so widened scopes require an explicit pairing approval instead of an implicit local reconnect path.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `81ebc7e0344fd19c85778e883bad45e2da972229`.\n\n## Fix Commit(s)\n\n- `81ebc7e0344fd19c85778e883bad45e2da972229`","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-fqw4-mph7-2vr8","reference_id":"GHSA-fqw4-mph7-2vr8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqw4-mph7-2vr8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8","reference_id":"GHSA-fqw4-mph7-2vr8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8"}],"fixed_packages":[],"aliases":["GHSA-fqw4-mph7-2vr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gsf-j6g3-4fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71619?format=json","vulnerability_id":"VCID-1ht7-4wun-gba4","summary":"OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access control denials and restoring previously revoked permissions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35649","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1018","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35649"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93","reference_id":"3cbf932413e41d1836cb91aed1541a28a3122f93","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35649","reference_id":"CVE-2026-35649","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35649"},{"reference_url":"https://github.com/advisories/GHSA-pw7h-9g6p-c378","reference_id":"GHSA-pw7h-9g6p-c378","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw7h-9g6p-c378"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378","reference_id":"GHSA-pw7h-9g6p-c378","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-settings-reconciliation-bypass-via-empty-allowlist","reference_id":"openclaw-settings-reconciliation-bypass-via-empty-allowlist","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-settings-reconciliation-bypass-via-empty-allowlist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35649","GHSA-pw7h-9g6p-c378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ht7-4wun-gba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359853?format=json","vulnerability_id":"VCID-1j9j-8qcc-tyhy","summary":"Duplicate Advisory: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hf68-49fm-59cq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35639","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35639"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq","reference_id":"GHSA-hf68-49fm-59cq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq"},{"reference_url":"https://github.com/advisories/GHSA-r3v5-2grc-429h","reference_id":"GHSA-r3v5-2grc-429h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3v5-2grc-429h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-r3v5-2grc-429h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j9j-8qcc-tyhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65519?format=json","vulnerability_id":"VCID-1kns-bfm7-wqa7","summary":"OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43530","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43530"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/65713","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/65713"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43530","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43530"},{"reference_url":"https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9","reference_id":"666f48d9b882a8a1415ca53f9567c72499d850c9","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"}],"url":"https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9"},{"reference_url":"https://github.com/advisories/GHSA-2cq5-mf3v-mx44","reference_id":"GHSA-2cq5-mf3v-mx44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cq5-mf3v-mx44"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44","reference_id":"GHSA-2cq5-mf3v-mx44","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution","reference_id":"openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373522?format=json","purl":"pkg:npm/openclaw@2026.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"}],"aliases":["CVE-2026-43530","GHSA-2cq5-mf3v-mx44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kns-bfm7-wqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359979?format=json","vulnerability_id":"VCID-1qwb-a969-kye3","summary":"OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection\n## Summary\nNode browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real released allowProfiles bypass through profile mutation and runtime profile selection, fixed and shipped in v2026.3.22+, so keep open for publish rather than close.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.13-1`\n- Patched versions: `>= 2026.3.22`\n- First stable tag containing the fix: `v2026.3.22`\n\n## Fix Commit(s)\n- `eac93507c36ccd0c359fba18fa466ef6448be8a5` — 2026-03-23T00:56:44-07:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.22`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-h5hg-h7rr-gpf3","reference_id":"GHSA-h5hg-h7rr-gpf3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5hg-h7rr-gpf3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3","reference_id":"GHSA-h5hg-h7rr-gpf3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-h5hg-h7rr-gpf3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwb-a969-kye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81137?format=json","vulnerability_id":"VCID-1sxg-r1bm-mygk","summary":"OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availability impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41408","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16278","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41408"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41408","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41408"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2194587d70d2aef863508b945319c5a7c88b12ce","reference_id":"2194587d70d2aef863508b945319c5a7c88b12ce","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2194587d70d2aef863508b945319c5a7c88b12ce"},{"reference_url":"https://github.com/advisories/GHSA-4g5x-2jfc-xm98","reference_id":"GHSA-4g5x-2jfc-xm98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g5x-2jfc-xm98"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4g5x-2jfc-xm98","reference_id":"GHSA-4g5x-2jfc-xm98","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4g5x-2jfc-xm98"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-disk-exhaustion-via-media-download-bypass","reference_id":"openclaw-disk-exhaustion-via-media-download-bypass","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-disk-exhaustion-via-media-download-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41408","GHSA-4g5x-2jfc-xm98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sxg-r1bm-mygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81051?format=json","vulnerability_id":"VCID-1wqp-rrgy-4ffe","summary":"OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41356","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41356"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41356","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41356"},{"reference_url":"https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d","reference_id":"91f7a6b0fd67b703897e6e307762d471ca09333d","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"}],"url":"https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d"},{"reference_url":"https://github.com/advisories/GHSA-rfqg-qgf8-xr9x","reference_id":"GHSA-rfqg-qgf8-xr9x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfqg-qgf8-xr9x"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9x","reference_id":"GHSA-rfqg-qgf8-xr9x","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9x"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate","reference_id":"openclaw-incomplete-websocket-session-termination-in-device-token-rotate","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41356","GHSA-rfqg-qgf8-xr9x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1wqp-rrgy-4ffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360203?format=json","vulnerability_id":"VCID-1xsa-kxhe-6ugq","summary":"Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32043","reference_id":"CVE-2026-32043","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32043"},{"reference_url":"https://github.com/advisories/GHSA-3p2x-hjxj-c7rv","reference_id":"GHSA-3p2x-hjxj-c7rv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p2x-hjxj-c7rv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc","reference_id":"GHSA-mwcg-wfq3-4gjc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-3p2x-hjxj-c7rv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xsa-kxhe-6ugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71796?format=json","vulnerability_id":"VCID-213t-kf4c-qfct","summary":"OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35663","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35663"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35663","reference_id":"CVE-2026-35663","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35663"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48","reference_id":"d3d8e316bd819d3c7e34253aeb7eccb2510f5f48","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48"},{"reference_url":"https://github.com/advisories/GHSA-9hjh-fr4f-gxc4","reference_id":"GHSA-9hjh-fr4f-gxc4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hjh-fr4f-gxc4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4","reference_id":"GHSA-9hjh-fr4f-gxc4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim","reference_id":"openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim"}],"fixed_packages":[],"aliases":["CVE-2026-35663","GHSA-9hjh-fr4f-gxc4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-213t-kf4c-qfct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65486?format=json","vulnerability_id":"VCID-24x5-nkt2-wbg7","summary":"OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43571","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17398","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43571"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43571","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43571"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1fede43b948df40ca8674511d4bd08d39f6c5837","reference_id":"1fede43b948df40ca8674511d4bd08d39f6c5837","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1fede43b948df40ca8674511d4bd08d39f6c5837"},{"reference_url":"https://github.com/advisories/GHSA-82qx-6vj7-p8m2","reference_id":"GHSA-82qx-6vj7-p8m2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82qx-6vj7-p8m2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2","reference_id":"GHSA-82qx-6vj7-p8m2","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup","reference_id":"openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43571","GHSA-82qx-6vj7-p8m2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24x5-nkt2-wbg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359839?format=json","vulnerability_id":"VCID-27ud-w29j-cbeq","summary":"OpenClaw: Nostr profile mutation routes allowed operator.write config persistence\n## Summary\n\nNostr profile mutation routes allowed operator.write config persistence.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nNostr plugin HTTP profile routes could persist profile config through a path that did not require admin authority.\n\n## Technical Details\n\nThe fix requires `operator.admin` scope for Nostr profile mutation routes.\n\n## Fix\n\nThe issue was fixed in #63553. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `6517c700de9bb0ee11b41ab625ef3b63d01b6083`\n- PR: #63553\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63553","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63553"},{"reference_url":"https://github.com/advisories/GHSA-f3h5-h452-vp3j","reference_id":"GHSA-f3h5-h452-vp3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f3h5-h452-vp3j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j","reference_id":"GHSA-f3h5-h452-vp3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["GHSA-f3h5-h452-vp3j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27ud-w29j-cbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77342?format=json","vulnerability_id":"VCID-29xp-41b2-cycb","summary":"OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32302","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06075","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32302"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32302","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32302"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b","reference_id":"ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T13:10:50Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b"},{"reference_url":"https://github.com/advisories/GHSA-5wcw-8jjv-m286","reference_id":"GHSA-5wcw-8jjv-m286","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wcw-8jjv-m286"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286","reference_id":"GHSA-5wcw-8jjv-m286","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T13:10:50Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.11","reference_id":"v2026.3.11","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T13:10:50Z/"}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32302","GHSA-5wcw-8jjv-m286"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29xp-41b2-cycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71903?format=json","vulnerability_id":"VCID-2amg-4khy-1ufr","summary":"OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35640","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35640"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35640","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35640"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53","reference_id":"5e8cb22176e9235e224be0bc530699261eb60e53","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53"},{"reference_url":"https://github.com/advisories/GHSA-3h52-cx59-c456","reference_id":"GHSA-3h52-cx59-c456","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3h52-cx59-c456"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456","reference_id":"GHSA-3h52-cx59-c456","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing","reference_id":"openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35640","GHSA-3h52-cx59-c456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2amg-4khy-1ufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359942?format=json","vulnerability_id":"VCID-2c8q-g4uw-mufb","summary":"OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`\n## Summary\nAgentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via `config.patch`\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shipped in v2026.3.28, so normalize it as a fixed released draft rather than a close-by-trust-model call.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `76411b2afc4ae721e36c12e0ea24fd23e2fed61e` — 2026-03-27T09:42:15Z\n\nOpenClaw thanks @YLChen-007 for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-v3qc-wrwx-j3pw","reference_id":"GHSA-v3qc-wrwx-j3pw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3qc-wrwx-j3pw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw","reference_id":"GHSA-v3qc-wrwx-j3pw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-v3qc-wrwx-j3pw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2c8q-g4uw-mufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81032?format=json","vulnerability_id":"VCID-2d5p-gd51-3bfc","summary":"OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended rate-limiting protections on Tailscale-capable paths.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41913","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41913"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41913","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41913"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-25wv-8phj-8p7r","reference_id":"GHSA-25wv-8phj-8p7r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25wv-8phj-8p7r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25wv-8phj-8p7r","reference_id":"GHSA-25wv-8phj-8p7r","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25wv-8phj-8p7r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-rate-limit-bypass-via-concurrent-async-authentication-attempts","reference_id":"openclaw-rate-limit-bypass-via-concurrent-async-authentication-attempts","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-rate-limit-bypass-via-concurrent-async-authentication-attempts"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373408?format=json","purl":"pkg:npm/openclaw@2026.4.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373918?format=json","purl":"pkg:npm/openclaw@2026.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-bpy3-pdqr-uube"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.5"}],"aliases":["CVE-2026-41913","GHSA-25wv-8phj-8p7r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d5p-gd51-3bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78097?format=json","vulnerability_id":"VCID-2d6p-8jxd-1yc4","summary":"OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33581","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19734","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33581"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33581","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33581"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416","reference_id":"1d7cb6fc03552bbba00e7cffb3aa9741f5556416","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416"},{"reference_url":"https://github.com/advisories/GHSA-v8wv-jg3q-qwpq","reference_id":"GHSA-v8wv-jg3q-qwpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8wv-jg3q-qwpq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq","reference_id":"GHSA-v8wv-jg3q-qwpq","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters","reference_id":"openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-33581","GHSA-v8wv-jg3q-qwpq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d6p-8jxd-1yc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360210?format=json","vulnerability_id":"VCID-2h93-dwfp-4yfe","summary":"OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes\n### Summary\n\nAn authorization mismatch in the gateway let an authenticated caller with only `operator.write` use `browser.request` to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through `/profiles/create`.\n\n### Impact\n\nA write-scoped operator could create or modify browser profiles and store attacker-chosen remote CDP endpoints without holding `operator.admin`.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.8`\n\n### Patch\n\nFixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. Browser profile creation now requires the correct admin boundary, and regression tests cover the write-vs-admin authorization split.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-vmhq-cqm9-6p7q","reference_id":"GHSA-vmhq-cqm9-6p7q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmhq-cqm9-6p7q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vmhq-cqm9-6p7q","reference_id":"GHSA-vmhq-cqm9-6p7q","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vmhq-cqm9-6p7q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-vmhq-cqm9-6p7q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2h93-dwfp-4yfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71638?format=json","vulnerability_id":"VCID-2keu-vgjt-t7ba","summary":"OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message transmission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35647","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.124","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35647"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2383daf5c4a4e08d9553e0e949552ad755ef9ec2","reference_id":"2383daf5c4a4e08d9553e0e949552ad755ef9ec2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2383daf5c4a4e08d9553e0e949552ad755ef9ec2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35647","reference_id":"CVE-2026-35647","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35647"},{"reference_url":"https://github.com/advisories/GHSA-9wqx-g2cw-vc7r","reference_id":"GHSA-9wqx-g2cw-vc7r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wqx-g2cw-vc7r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r","reference_id":"GHSA-9wqx-g2cw-vc7r","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-direct-message-policy-bypass-via-verification-notices","reference_id":"openclaw-direct-message-policy-bypass-via-verification-notices","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-direct-message-policy-bypass-via-verification-notices"}],"fixed_packages":[],"aliases":["CVE-2026-35647","GHSA-9wqx-g2cw-vc7r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2keu-vgjt-t7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360115?format=json","vulnerability_id":"VCID-2mq8-xddp-y7ef","summary":"OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status\n## Summary\nRead-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `f0202264d0de7ad345382b9008c5963bcefb01b7`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/channels/account-snapshot-fields.ts now strips URL userinfo from channel status snapshot fields.\n- src/config/redact-snapshot.ts now redacts credential-bearing baseUrl and httpUrl fields while preserving safe context.\n\nOpenClaw thanks @zpbrent for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-ppwq-6v66-5m6j","reference_id":"GHSA-ppwq-6v66-5m6j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppwq-6v66-5m6j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j","reference_id":"GHSA-ppwq-6v66-5m6j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-ppwq-6v66-5m6j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mq8-xddp-y7ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359862?format=json","vulnerability_id":"VCID-2p3a-gmxy-37gx","summary":"OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials\n## Summary\n\nSandbox noVNC helper route exposed interactive browser session credentials.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.21 < 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe sandbox noVNC helper route could be reached without the intended bridge authentication, exposing an interactive browser session surface.\n\n## Technical Details\n\nThe fix gates the sandbox noVNC helper route behind bridge authentication.\n\n## Fix\n\nThe issue was fixed in #63882. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `8dfbf3268bd224b7377d1ecca77a445100746085`\n- PR: #63882\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63882","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63882"},{"reference_url":"https://github.com/advisories/GHSA-92jp-89mq-4374","reference_id":"GHSA-92jp-89mq-4374","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92jp-89mq-4374"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374","reference_id":"GHSA-92jp-89mq-4374","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["GHSA-92jp-89mq-4374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p3a-gmxy-37gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359256?format=json","vulnerability_id":"VCID-2t7c-q448-a7bp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41399","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27571","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41399"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cb5f7e201f3f86ad70e199ef850e636b4cc457ba","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/cb5f7e201f3f86ad70e199ef850e636b4cc457ba"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f44p-c7w9-7xr7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f44p-c7w9-7xr7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41399","reference_id":"CVE-2026-41399","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41399"},{"reference_url":"https://github.com/advisories/GHSA-f44p-c7w9-7xr7","reference_id":"GHSA-f44p-c7w9-7xr7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f44p-c7w9-7xr7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41399","GHSA-f44p-c7w9-7xr7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t7c-q448-a7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80646?format=json","vulnerability_id":"VCID-2tsv-9m6k-1qdn","summary":"OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41341","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05155","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41341"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41341","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41341"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8c83128fc38d5a3642b8ccbea58550755fdbbbaf","reference_id":"8c83128fc38d5a3642b8ccbea58550755fdbbbaf","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8c83128fc38d5a3642b8ccbea58550755fdbbbaf"},{"reference_url":"https://github.com/advisories/GHSA-6336-qqw9-v6x6","reference_id":"GHSA-6336-qqw9-v6x6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6336-qqw9-v6x6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6336-qqw9-v6x6","reference_id":"GHSA-6336-qqw9-v6x6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6336-qqw9-v6x6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-component-interaction-misclassification-in-discord-extension","reference_id":"openclaw-component-interaction-misclassification-in-discord-extension","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-component-interaction-misclassification-in-discord-extension"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41341","GHSA-6336-qqw9-v6x6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tsv-9m6k-1qdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212714?format=json","vulnerability_id":"VCID-2vz1-7wq1-qbbk","summary":"OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3bf19d6f40a0aaa55818b96eede3d05130c02533","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/3bf19d6f40a0aaa55818b96eede3d05130c02533"},{"reference_url":"https://github.com/advisories/GHSA-2858-xg23-26fp","reference_id":"GHSA-2858-xg23-26fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2858-xg23-26fp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2858-xg23-26fp","reference_id":"GHSA-2858-xg23-26fp","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2858-xg23-26fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["GHSA-2858-xg23-26fp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vz1-7wq1-qbbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80693?format=json","vulnerability_id":"VCID-3c7e-6d4p-cqdt","summary":"OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41386","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13877","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41386"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41386","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41386"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9","reference_id":"a600c72ed7d0045a27f58bf031d2b36ecb0141c9","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9"},{"reference_url":"https://github.com/advisories/GHSA-gg9v-mgcp-v6m7","reference_id":"GHSA-gg9v-mgcp-v6m7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gg9v-mgcp-v6m7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7","reference_id":"GHSA-gg9v-mgcp-v6m7","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes","reference_id":"openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-41386","GHSA-gg9v-mgcp-v6m7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3c7e-6d4p-cqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80815?format=json","vulnerability_id":"VCID-3f2g-c9me-nbdm","summary":"OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41329","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41329"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd","reference_id":"a30214a624946fc5c85c9558a27c1580172374fd","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"9.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41329","reference_id":"CVE-2026-41329","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41329"},{"reference_url":"https://github.com/advisories/GHSA-g5cg-8x5w-7jpm","reference_id":"GHSA-g5cg-8x5w-7jpm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g5cg-8x5w-7jpm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm","reference_id":"GHSA-g5cg-8x5w-7jpm","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"9.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation","reference_id":"openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41329","GHSA-g5cg-8x5w-7jpm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3f2g-c9me-nbdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80725?format=json","vulnerability_id":"VCID-3f8g-rfq5-fbeb","summary":"OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient access controls to reach sensitive administrative functionality and modify persistence mechanisms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41359","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09257","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41359"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41359","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41359"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b7d70ade3b9900dbe97bd73be9c02e924ff3c986","reference_id":"b7d70ade3b9900dbe97bd73be9c02e924ff3c986","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b7d70ade3b9900dbe97bd73be9c02e924ff3c986"},{"reference_url":"https://github.com/advisories/GHSA-767m-xrhc-fxm7","reference_id":"GHSA-767m-xrhc-fxm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-767m-xrhc-fxm7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-767m-xrhc-fxm7","reference_id":"GHSA-767m-xrhc-fxm7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-767m-xrhc-fxm7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence","reference_id":"openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41359","GHSA-767m-xrhc-fxm7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3f8g-rfq5-fbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360135?format=json","vulnerability_id":"VCID-3fg7-n18p-cqek","summary":"Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-p7gr-f84w-hqg5. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32048","reference_id":"CVE-2026-32048","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32048"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p7gr-f84w-hqg5","reference_id":"GHSA-p7gr-f84w-hqg5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p7gr-f84w-hqg5"},{"reference_url":"https://github.com/advisories/GHSA-wr92-6w3g-2hwc","reference_id":"GHSA-wr92-6w3g-2hwc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr92-6w3g-2hwc"}],"fixed_packages":[],"aliases":["GHSA-wr92-6w3g-2hwc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fg7-n18p-cqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359920?format=json","vulnerability_id":"VCID-3qf3-mq53-fbgp","summary":"OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration\n## Summary\nMedia Local Roots Self-Whitelisting in `appendLocalMediaParentRoots` Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still self-whitelists media parent dirs in src/media/local-roots.ts, but only after config already permits tool-fs root expansion, so the impact is narrower than the default-critical framing.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `1ca4261d7e055d0be141ed79ebb1365d0fbc7364` — 2026-03-30T17:15:03+01:00\n\nOpenClaw thanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-57gh-m6rq-54cf","reference_id":"GHSA-57gh-m6rq-54cf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57gh-m6rq-54cf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57gh-m6rq-54cf","reference_id":"GHSA-57gh-m6rq-54cf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57gh-m6rq-54cf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-57gh-m6rq-54cf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qf3-mq53-fbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80759?format=json","vulnerability_id":"VCID-3swm-pxgf-sqbx","summary":"OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41390","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07931","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41390"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/83da3cfe31f016841e1deedda1a604696f4c488d","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/83da3cfe31f016841e1deedda1a604696f4c488d"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41390","reference_id":"CVE-2026-41390","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41390"},{"reference_url":"https://github.com/advisories/GHSA-6pfc-6m7w-m8fx","reference_id":"GHSA-6pfc-6m7w-m8fx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pfc-6m7w-m8fx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx","reference_id":"GHSA-6pfc-6m7w-m8fx","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:25:11Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper","reference_id":"openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:25:11Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41390","GHSA-6pfc-6m7w-m8fx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3swm-pxgf-sqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71851?format=json","vulnerability_id":"VCID-3z4d-sm3h-2bg4","summary":"OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35670","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26583","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35670"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35670","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35670"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455","reference_id":"7ade3553b74ee3f461c4acd216653d5ba411f455","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455"},{"reference_url":"https://github.com/advisories/GHSA-wv46-v6xc-2qhf","reference_id":"GHSA-wv46-v6xc-2qhf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv46-v6xc-2qhf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf","reference_id":"GHSA-wv46-v6xc-2qhf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat","reference_id":"openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35670","GHSA-wv46-v6xc-2qhf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z4d-sm3h-2bg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360056?format=json","vulnerability_id":"VCID-3zp7-juc8-cbf4","summary":"OpenClaw: Sandbox staged writes could escape the verified parent directory before commit\n## Summary\nIn affected versions of `openclaw`, sandbox fs-bridge writes validated the destination before commit, but temporary file creation and population were not pinned to a verified parent directory. A raced parent-path alias change could cause the staged temp file to be created outside the intended writable mount before the final guarded replace step.\n\n## Impact\nThis is a sandbox boundary bypass affecting integrity and availability within the writable mount scope. Attacker-controlled bytes could be written outside the intended validated path before the final guarded step ran.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.8`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nThe older staging flow created and wrote the temporary file using target-directory shell path operations before the final replace step revalidated the destination. That meant the last guard protected only the final rename, not the earlier temp-file materialization path.\n\n## Fix\nOpenClaw now resolves a pinned mount root plus relative parent path, creates the temporary file inside the verified parent directory, and performs the final atomic replace from that pinned directory context. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-mj4p-rc52-m843","reference_id":"GHSA-mj4p-rc52-m843","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj4p-rc52-m843"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843","reference_id":"GHSA-mj4p-rc52-m843","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-mj4p-rc52-m843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zp7-juc8-cbf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359246?format=json","vulnerability_id":"VCID-416m-tsuc-b3fg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41348","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41348"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8fdb19676ab44cf85d47ee13c578195f2e527591","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/8fdb19676ab44cf85d47ee13c578195f2e527591"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rvvf-6vh3-9j43","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rvvf-6vh3-9j43"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41348","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41348"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-group-dm-channel-allowlist-bypass-via-discord-slash-commands","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-group-dm-channel-allowlist-bypass-via-discord-slash-commands"},{"reference_url":"https://github.com/advisories/GHSA-rvvf-6vh3-9j43","reference_id":"GHSA-rvvf-6vh3-9j43","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvvf-6vh3-9j43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41348","GHSA-rvvf-6vh3-9j43"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-416m-tsuc-b3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359247?format=json","vulnerability_id":"VCID-45as-yk5j-dug2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41354","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17707","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41354"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41354","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41354"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys"},{"reference_url":"https://github.com/advisories/GHSA-rxmx-g7hr-8mx4","reference_id":"GHSA-rxmx-g7hr-8mx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rxmx-g7hr-8mx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41354","GHSA-rxmx-g7hr-8mx4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45as-yk5j-dug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80952?format=json","vulnerability_id":"VCID-47ty-n3m4-nbbe","summary":"OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41344","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24831","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41344"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c6031235288a8d3bdf2243bd974340d8c8045bc2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/c6031235288a8d3bdf2243bd974340d8c8045bc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41344","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41344"},{"reference_url":"https://github.com/advisories/GHSA-5h2w-qmfp-ggp6","reference_id":"GHSA-5h2w-qmfp-ggp6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h2w-qmfp-ggp6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2w-qmfp-ggp6","reference_id":"GHSA-5h2w-qmfp-ggp6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2w-qmfp-ggp6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-verbose-parameter","reference_id":"openclaw-privilege-escalation-via-chat-send-verbose-parameter","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-verbose-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41344","GHSA-5h2w-qmfp-ggp6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ty-n3m4-nbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360008?format=json","vulnerability_id":"VCID-4ef4-xvcn-nbbq","summary":"Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qvr7-g57c-mrc7. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32970","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32970"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7","reference_id":"GHSA-qvr7-g57c-mrc7","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7"},{"reference_url":"https://github.com/advisories/GHSA-vm29-7mq3-9jrg","reference_id":"GHSA-vm29-7mq3-9jrg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm29-7mq3-9jrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-vm29-7mq3-9jrg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ef4-xvcn-nbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77126?format=json","vulnerability_id":"VCID-4fv2-atra-6ue3","summary":"OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically accepted in another account in multi-account deployments without explicit approval, bypassing authorization boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32067","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12405","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32067"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf","reference_id":"a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:19:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf"},{"reference_url":"https://github.com/openclaw/openclaw/commit/bce643a0bd145d3e9cb55400af33bd1b85baeb02","reference_id":"bce643a0bd145d3e9cb55400af33bd1b85baeb02","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:19:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/bce643a0bd145d3e9cb55400af33bd1b85baeb02"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32067","reference_id":"CVE-2026-32067","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32067"},{"reference_url":"https://github.com/advisories/GHSA-vjp8-wprm-2jw9","reference_id":"GHSA-vjp8-wprm-2jw9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjp8-wprm-2jw9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjp8-wprm-2jw9","reference_id":"GHSA-vjp8-wprm-2jw9","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:19:20Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjp8-wprm-2jw9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-cross-account-authorization-bypass-in-dm-pairing-store","reference_id":"openclaw-cross-account-authorization-bypass-in-dm-pairing-store","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:19:20Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-cross-account-authorization-bypass-in-dm-pairing-store"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32067","GHSA-vjp8-wprm-2jw9"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fv2-atra-6ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81179?format=json","vulnerability_id":"VCID-4kcu-akxv-hker","summary":"OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and agent configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41335","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12872","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41335"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41335","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41335"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3","reference_id":"c5c10adc022f42eb75ebb3bf364dd607738683b3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3"},{"reference_url":"https://github.com/advisories/GHSA-hr8g-2q7x-3f4w","reference_id":"GHSA-hr8g-2q7x-3f4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hr8g-2q7x-3f4w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w","reference_id":"GHSA-hr8g-2q7x-3f4w","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json","reference_id":"openclaw-information-disclosure-via-control-ui-bootstrap-json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41335","GHSA-hr8g-2q7x-3f4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kcu-akxv-hker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360100?format=json","vulnerability_id":"VCID-4n9g-ymdq-6fhd","summary":"Duplicate Advisory: OpenClaw's message tool media parameter bypasses tool policy filesystem isolation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-v8wv-jg3q-qwpq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33581","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33581"},{"reference_url":"https://github.com/advisories/GHSA-3gr8-2752-h46q","reference_id":"GHSA-3gr8-2752-h46q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gr8-2752-h46q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq","reference_id":"GHSA-v8wv-jg3q-qwpq","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["GHSA-3gr8-2752-h46q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9g-ymdq-6fhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69834?format=json","vulnerability_id":"VCID-4qqv-57ws-4yb3","summary":"OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10694","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3","reference_id":"5275d008ed33203dba3f98e969ad683a65c416c3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3"},{"reference_url":"https://github.com/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping","reference_id":"openclaw-hook-session-key-bypass-via-template-mapping","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-45002","GHSA-2xcp-x87w-q377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qqv-57ws-4yb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71557?format=json","vulnerability_id":"VCID-4srt-x1xb-xqa8","summary":"OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can invoke /send on|off|inherit to persistently mutate the current session's sendPolicy, and execute /allowlist add commands to modify config-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35620","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20457","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35620"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35620","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35620"},{"reference_url":"https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b","reference_id":"555b2578a8cc6e1b93f717496935ead97bfbed8b","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2","reference_id":"ccfeecb6887cd97937e33a71877ad512741e82b2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35","reference_id":"ea018a68ccb92dbc735bc1df9880d5c95c63ca35","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35"},{"reference_url":"https://github.com/advisories/GHSA-39mp-545q-w789","reference_id":"GHSA-39mp-545q-w789","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39mp-545q-w789"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789","reference_id":"GHSA-39mp-545q-w789","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83","reference_id":"GHSA-vqvg-86cc-cg83","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands","reference_id":"openclaw-missing-authorization-in-send-and-allowlist-chat-commands","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35620","GHSA-39mp-545q-w789"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4srt-x1xb-xqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359251?format=json","vulnerability_id":"VCID-4umw-rnj5-efad","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41374","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41374"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41374","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41374"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization"},{"reference_url":"https://github.com/advisories/GHSA-hhff-fj5f-qg48","reference_id":"GHSA-hhff-fj5f-qg48","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhff-fj5f-qg48"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41374","GHSA-hhff-fj5f-qg48"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4umw-rnj5-efad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359838?format=json","vulnerability_id":"VCID-4x1j-ccq5-d7cu","summary":"Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35627","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35627"},{"reference_url":"https://github.com/advisories/GHSA-2j53-2c28-g9v2","reference_id":"GHSA-2j53-2c28-g9v2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j53-2c28-g9v2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv","reference_id":"GHSA-65h8-27jh-q8wv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-2j53-2c28-g9v2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x1j-ccq5-d7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80738?format=json","vulnerability_id":"VCID-4yrw-qqvt-jkhn","summary":"OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41400","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37265","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41400"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41400","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41400"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9abcfdadf591bf266d85fbdfe14ae833e557a110","reference_id":"9abcfdadf591bf266d85fbdfe14ae833e557a110","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"}],"url":"https://github.com/openclaw/openclaw/commit/9abcfdadf591bf266d85fbdfe14ae833e557a110"},{"reference_url":"https://github.com/advisories/GHSA-2w79-r9g8-wmcr","reference_id":"GHSA-2w79-r9g8-wmcr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2w79-r9g8-wmcr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2w79-r9g8-wmcr","reference_id":"GHSA-2w79-r9g8-wmcr","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2w79-r9g8-wmcr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-oversized-websocket-frames-in-voice-call","reference_id":"openclaw-resource-consumption-via-oversized-websocket-frames-in-voice-call","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-oversized-websocket-frames-in-voice-call"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41400","GHSA-2w79-r9g8-wmcr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yrw-qqvt-jkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71583?format=json","vulnerability_id":"VCID-54js-czwp-jkce","summary":"OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35641","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35641"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35641","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35641"},{"reference_url":"https://github.com/advisories/GHSA-m3mh-3mpg-37hw","reference_id":"GHSA-m3mh-3mpg-37hw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3mh-3mpg-37hw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw","reference_id":"GHSA-m3mh-3mpg-37hw","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T14:30:45Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation","reference_id":"openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T14:30:45Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35641","GHSA-m3mh-3mpg-37hw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54js-czwp-jkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77452?format=json","vulnerability_id":"VCID-55vp-7m3m-pfem","summary":"OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request bodies to exhaust parser resources and degrade service availability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32011","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25473","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32011"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32011","reference_id":"CVE-2026-32011","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32011"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d3e8b17aa6432536806b4853edc7939d891d0f25","reference_id":"d3e8b17aa6432536806b4853edc7939d891d0f25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:03:36Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d3e8b17aa6432536806b4853edc7939d891d0f25"},{"reference_url":"https://github.com/advisories/GHSA-x4vp-4235-65hg","reference_id":"GHSA-x4vp-4235-65hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4vp-4235-65hg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg","reference_id":"GHSA-x4vp-4235-65hg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:03:36Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-slow-request-denial-of-service-via-pre-auth-webhook-body-parsing","reference_id":"openclaw-slow-request-denial-of-service-via-pre-auth-webhook-body-parsing","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:03:36Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-slow-request-denial-of-service-via-pre-auth-webhook-body-parsing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-32011","GHSA-x4vp-4235-65hg"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55vp-7m3m-pfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81138?format=json","vulnerability_id":"VCID-563k-49s5-5fbp","summary":"OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41296","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10965","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41296"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41296","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41296"},{"reference_url":"https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb","reference_id":"121870a08583033ed6a0ed73d9ffea32991252bb","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb"},{"reference_url":"https://github.com/advisories/GHSA-9p3r-hh9g-5cmg","reference_id":"GHSA-9p3r-hh9g-5cmg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p3r-hh9g-5cmg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg","reference_id":"GHSA-9p3r-hh9g-5cmg","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile","reference_id":"openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41296","GHSA-9p3r-hh9g-5cmg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-563k-49s5-5fbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360200?format=json","vulnerability_id":"VCID-59a9-8rag-mfg5","summary":"OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions\n## Summary\nIn affected versions of `openclaw`, channel-initiated config mutations were authorized against the originating account's `configWrites` policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration when the target account had `configWrites: false`.\n\n## Impact\nThis is an account-scoped policy bypass inside a single gateway deployment. Channel commands such as `/config set channels.<provider>.accounts.<id>...` and config-backed `/allowlist ... --config --account <id>` could modify protected sibling-account configuration.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.8`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nThe mutation path validated the origin account scope but did not consistently authorize every resolved target scope. Ambiguous collection and root writes under `channels` and `channels.<provider>.accounts` could therefore reach protected account configuration from channel command surfaces.\n\n## Fix\nOpenClaw now authorizes config mutations against both the origin scope and each resolved target scope, and it rejects ambiguous root and collection writes from channel commands unless the caller is an internal gateway client with `operator.admin`. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-8jhh-jcqg-mj5p","reference_id":"GHSA-8jhh-jcqg-mj5p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jhh-jcqg-mj5p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8jhh-jcqg-mj5p","reference_id":"GHSA-8jhh-jcqg-mj5p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8jhh-jcqg-mj5p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-8jhh-jcqg-mj5p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59a9-8rag-mfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71863?format=json","vulnerability_id":"VCID-59an-tnp2-qfgg","summary":"OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35628","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21935","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35628"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35628","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35628"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c2c136ae9517ddd0789d742a0fdf4c10e8c729a7","reference_id":"c2c136ae9517ddd0789d742a0fdf4c10e8c729a7","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c2c136ae9517ddd0789d742a0fdf4c10e8c729a7"},{"reference_url":"https://github.com/advisories/GHSA-vcx4-4qxg-mfp4","reference_id":"GHSA-vcx4-4qxg-mfp4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcx4-4qxg-mfp4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vcx4-4qxg-mfp4","reference_id":"GHSA-vcx4-4qxg-mfp4","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vcx4-4qxg-mfp4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting","reference_id":"openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting"}],"fixed_packages":[],"aliases":["CVE-2026-35628","GHSA-vcx4-4qxg-mfp4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59an-tnp2-qfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84008?format=json","vulnerability_id":"VCID-5c35-mfrw-r3fg","summary":"OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40045","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00427","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40045"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40045","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40045"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5","reference_id":"a941a4fef9bc43b2973c92d0dcff5b8a426210c5","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5"},{"reference_url":"https://github.com/advisories/GHSA-83f3-hh45-vfw9","reference_id":"GHSA-83f3-hh45-vfw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83f3-hh45-vfw9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9","reference_id":"GHSA-83f3-hh45-vfw9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints","reference_id":"openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-40045","GHSA-83f3-hh45-vfw9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5c35-mfrw-r3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71899?format=json","vulnerability_id":"VCID-5czq-jh7n-a3d8","summary":"OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35652","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19789","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35652"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35652","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35652"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_id":"a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"},{"reference_url":"https://github.com/advisories/GHSA-8883-9w57-vwv6","reference_id":"GHSA-8883-9w57-vwv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8883-9w57-vwv6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6","reference_id":"GHSA-8883-9w57-vwv6","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch","reference_id":"openclaw-unauthorized-action-execution-via-callback-dispatch","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35652","GHSA-8883-9w57-vwv6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5czq-jh7n-a3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71897?format=json","vulnerability_id":"VCID-5eqd-gfxe-t7g7","summary":"OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35624","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21302","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35624"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35624","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35624"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_id":"a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"},{"reference_url":"https://github.com/advisories/GHSA-xhq5-45pm-2gjr","reference_id":"GHSA-xhq5-45pm-2gjr","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhq5-45pm-2gjr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr","reference_id":"GHSA-xhq5-45pm-2gjr","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk","reference_id":"openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35624","GHSA-xhq5-45pm-2gjr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5eqd-gfxe-t7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81180?format=json","vulnerability_id":"VCID-5hvu-e2e8-y7h6","summary":"OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.request dispatch to achieve remote code execution on the gateway.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41378","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41378"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41378","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41378"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a77928b1087e90f2a8903f8e5aca6dec9237ac62","reference_id":"a77928b1087e90f2a8903f8e5aca6dec9237ac62","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a77928b1087e90f2a8903f8e5aca6dec9237ac62"},{"reference_url":"https://github.com/advisories/GHSA-gjm7-hw8f-73rq","reference_id":"GHSA-gjm7-hw8f-73rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjm7-hw8f-73rq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gjm7-hw8f-73rq","reference_id":"GHSA-gjm7-hw8f-73rq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gjm7-hw8f-73rq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch","reference_id":"openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41378","GHSA-gjm7-hw8f-73rq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hvu-e2e8-y7h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360189?format=json","vulnerability_id":"VCID-5j3s-mfzd-2uex","summary":"OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists\n## Summary\nIn affected versions of `openclaw`, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as trusted system events for the target session.\n\n## Impact\nThis is an authorization bypass in the Discord allowlist path. Reaction text could be injected into downstream session context even when the reacting guild member was not permitted by the configured users or roles allowlist.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.3.11`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nThe reaction ingress authorization path enforced DM, group, guild, and channel policy checks, but it did not apply the member-level users and roles allowlist gate that normal guild-message preflight uses. Accepted reactions were then enqueued as trusted system events for the routed session.\n\n## Fix\nOpenClaw now applies the same users and roles allowlist enforcement to guild reaction ingress that it already applies to normal inbound guild messages. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-9vvh-2768-c8vp","reference_id":"GHSA-9vvh-2768-c8vp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vvh-2768-c8vp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9vvh-2768-c8vp","reference_id":"GHSA-9vvh-2768-c8vp","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9vvh-2768-c8vp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-9vvh-2768-c8vp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5j3s-mfzd-2uex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78132?format=json","vulnerability_id":"VCID-5jgs-gk2n-8fdk","summary":"OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33576","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0503","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33576"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33576","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33576"},{"reference_url":"https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a","reference_id":"68ceaf7a5f64a23e78b95eff055e4b497218312a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"}],"url":"https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a"},{"reference_url":"https://github.com/advisories/GHSA-v2v2-f783-358j","reference_id":"GHSA-v2v2-f783-358j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v2v2-f783-358j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j","reference_id":"GHSA-v2v2-f783-358j","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel","reference_id":"openclaw-unauthorized-media-download-via-zalo-channel","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-33576","GHSA-v2v2-f783-358j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jgs-gk2n-8fdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71536?format=json","vulnerability_id":"VCID-5k9d-n6kg-g3bn","summary":"OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35667","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35667"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35667","reference_id":"CVE-2026-35667","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35667"},{"reference_url":"https://github.com/advisories/GHSA-3298-56p6-rpw2","reference_id":"GHSA-3298-56p6-rpw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3298-56p6-rpw2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3298-56p6-rpw2","reference_id":"GHSA-3298-56p6-rpw2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:31Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3298-56p6-rpw2"},{"reference_url":"https://github.com/advisories/GHSA-jfv4-h8mc-jcp8","reference_id":"GHSA-jfv4-h8mc-jcp8","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfv4-h8mc-jcp8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts","reference_id":"openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:31Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35667","GHSA-3298-56p6-rpw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5k9d-n6kg-g3bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80787?format=json","vulnerability_id":"VCID-5msy-va7d-jkhz","summary":"OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41364","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40958","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41364"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41364","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41364"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc","reference_id":"3d5af14984ac1976c747a8e11581d697bd0829dc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc"},{"reference_url":"https://github.com/advisories/GHSA-fv94-qvg8-xqpw","reference_id":"GHSA-fv94-qvg8-xqpw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fv94-qvg8-xqpw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw","reference_id":"GHSA-fv94-qvg8-xqpw","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload","reference_id":"openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41364","GHSA-fv94-qvg8-xqpw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5msy-va7d-jkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212778?format=json","vulnerability_id":"VCID-5qma-pezj-mucc","summary":"OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/70da80bcb5574a10925469048d2ebb2abf882e73","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/70da80bcb5574a10925469048d2ebb2abf882e73"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-pjvx-rx66-r3fg","reference_id":"GHSA-pjvx-rx66-r3fg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pjvx-rx66-r3fg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pjvx-rx66-r3fg","reference_id":"GHSA-pjvx-rx66-r3fg","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pjvx-rx66-r3fg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-pjvx-rx66-r3fg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qma-pezj-mucc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76875?format=json","vulnerability_id":"VCID-5r19-s5sm-x7bj","summary":"OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32899","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13062","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32899"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/75dfb71e4e8b7c2feba5a8ca662f92ea840e0147","reference_id":"75dfb71e4e8b7c2feba5a8ca662f92ea840e0147","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:37:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/75dfb71e4e8b7c2feba5a8ca662f92ea840e0147"},{"reference_url":"https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e","reference_id":"aedf62ac7e669a89c7b299201bf6537dc6b12e0e","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:37:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32899","reference_id":"CVE-2026-32899","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32899"},{"reference_url":"https://github.com/advisories/GHSA-rm2p-j3r7-4x4j","reference_id":"GHSA-rm2p-j3r7-4x4j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm2p-j3r7-4x4j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j","reference_id":"GHSA-rm2p-j3r7-4x4j","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:37:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-slack-reaction-and-pin-event-handlers","reference_id":"openclaw-sender-policy-bypass-in-slack-reaction-and-pin-event-handlers","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:37:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-slack-reaction-and-pin-event-handlers"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32899","GHSA-rm2p-j3r7-4x4j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5r19-s5sm-x7bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359934?format=json","vulnerability_id":"VCID-5szz-xqng-fffv","summary":"OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts\n## Summary\nTelegram legacy allowFrom migration fans default-account trust into all named accounts\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an in-scope auth-boundary bug and low fits.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `d8c68c8d4265ea6fa5e8c5e056534c351bddef37` — 2026-03-31T12:51:38+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-f693-58pc-2gfr","reference_id":"GHSA-f693-58pc-2gfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f693-58pc-2gfr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f693-58pc-2gfr","reference_id":"GHSA-f693-58pc-2gfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f693-58pc-2gfr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-f693-58pc-2gfr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5szz-xqng-fffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65525?format=json","vulnerability_id":"VCID-5uvn-998w-hfds","summary":"OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43534","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06614","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43534"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/64372","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/64372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43534","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43534"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29","reference_id":"e3a845bde5b54f4f1e742d0a51ba9860f9619b29","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29"},{"reference_url":"https://github.com/advisories/GHSA-7g8c-cfr3-vqqr","reference_id":"GHSA-7g8c-cfr3-vqqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g8c-cfr3-vqqr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr","reference_id":"GHSA-7g8c-cfr3-vqqr","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events","reference_id":"openclaw-unsanitized-external-input-in-agent-hook-events","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43534","GHSA-7g8c-cfr3-vqqr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uvn-998w-hfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359764?format=json","vulnerability_id":"VCID-5zh4-jn4s-akc9","summary":"OpenClaw: Paired-device pairing actions were not limited to the caller device\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.\n\nThis is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. Severity is low.\n\n## Fix\n\nPairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.\n\nFix commit:\n\n- `5a12f30441d5b0b151f550daa2c5c9e8db61e2e6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-xrq9-jm7v-g9h7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-jn4s-akc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360107?format=json","vulnerability_id":"VCID-64pj-77vs-8kbf","summary":"Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval with changed env input, bypassing execution-integrity controls in approval-enabled workflows.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32058","reference_id":"CVE-2026-32058","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32058"},{"reference_url":"https://github.com/advisories/GHSA-cjq8-m7wj-xmq9","reference_id":"GHSA-cjq8-m7wj-xmq9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjq8-m7wj-xmq9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2","reference_id":"GHSA-hjvp-qhm6-wrh2","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2"}],"fixed_packages":[],"aliases":["GHSA-cjq8-m7wj-xmq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64pj-77vs-8kbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68039?format=json","vulnerability_id":"VCID-65nh-ys6n-77ag","summary":"OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_id":"3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19"},{"reference_url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header","reference_id":"openclaw-owner-context-spoofing-via-bearer-token-header","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44118","GHSA-r6xh-pqhr-v4xh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65nh-ys6n-77ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76959?format=json","vulnerability_id":"VCID-6atn-d2zy-1qcm","summary":"OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitting deeply encoded slash variants such as multi-encoded %2f to access protected /api/channels endpoints.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32004","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32004"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2fd8264ab03bd178e62a5f0c50d1c8556c17f12d","reference_id":"2fd8264ab03bd178e62a5f0c50d1c8556c17f12d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2fd8264ab03bd178e62a5f0c50d1c8556c17f12d"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7a7eee920a176a0043398c6b37bf4cc6eb983eeb","reference_id":"7a7eee920a176a0043398c6b37bf4cc6eb983eeb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7a7eee920a176a0043398c6b37bf4cc6eb983eeb"},{"reference_url":"https://github.com/openclaw/openclaw/commit/93b07240257919f770d1e263e1f22753937b80ea","reference_id":"93b07240257919f770d1e263e1f22753937b80ea","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/93b07240257919f770d1e263e1f22753937b80ea"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32004","reference_id":"CVE-2026-32004","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32004"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d74bc257d8432f17e50b23ae713d7e0623a1fe0f","reference_id":"d74bc257d8432f17e50b23ae713d7e0623a1fe0f","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d74bc257d8432f17e50b23ae713d7e0623a1fe0f"},{"reference_url":"https://github.com/advisories/GHSA-v865-p3gq-hw6m","reference_id":"GHSA-v865-p3gq-hw6m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v865-p3gq-hw6m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v865-p3gq-hw6m","reference_id":"GHSA-v865-p3gq-hw6m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v865-p3gq-hw6m"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-path-in-api-channels-route","reference_id":"openclaw-authentication-bypass-via-encoded-path-in-api-channels-route","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:26:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-path-in-api-channels-route"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-32004","GHSA-v865-p3gq-hw6m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6atn-d2zy-1qcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212734?format=json","vulnerability_id":"VCID-6bzc-dk3a-c7gk","summary":"OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/57334cd7d85174d5f951de01114fd5801b063564","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/57334cd7d85174d5f951de01114fd5801b063564"},{"reference_url":"https://github.com/advisories/GHSA-7qf6-h84j-8fq4","reference_id":"GHSA-7qf6-h84j-8fq4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7qf6-h84j-8fq4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7qf6-h84j-8fq4","reference_id":"GHSA-7qf6-h84j-8fq4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7qf6-h84j-8fq4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-7qf6-h84j-8fq4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bzc-dk3a-c7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212697?format=json","vulnerability_id":"VCID-6ccy-jc9d-6qcm","summary":"OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8f3310000a8b0c11eced054c2cdb6fb27803511a","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/8f3310000a8b0c11eced054c2cdb6fb27803511a"},{"reference_url":"https://github.com/advisories/GHSA-6g25-pc82-vfwp","reference_id":"GHSA-6g25-pc82-vfwp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6g25-pc82-vfwp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp","reference_id":"GHSA-6g25-pc82-vfwp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-6g25-pc82-vfwp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ccy-jc9d-6qcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70630?format=json","vulnerability_id":"VCID-6ce4-zpfh-pybu","summary":"OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42431","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42431"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42431","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42431"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-cmfr-9m2r-xwhq","reference_id":"GHSA-cmfr-9m2r-xwhq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmfr-9m2r-xwhq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cmfr-9m2r-xwhq","reference_id":"GHSA-cmfr-9m2r-xwhq","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cmfr-9m2r-xwhq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-persistent-profile-mutation-via-node-invoke-browser-proxy-bypass","reference_id":"openclaw-persistent-profile-mutation-via-node-invoke-browser-proxy-bypass","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-persistent-profile-mutation-via-node-invoke-browser-proxy-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42431","GHSA-cmfr-9m2r-xwhq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ce4-zpfh-pybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212780?format=json","vulnerability_id":"VCID-6ctp-85cy-k3dz","summary":"OpenClaw: system.run allow-always persistence included shell-commented payload tails","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/939b18475d734ed75173f59507e3ebbdfe1992b7","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/939b18475d734ed75173f59507e3ebbdfe1992b7"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-9q2p-vc84-2rwm","reference_id":"GHSA-9q2p-vc84-2rwm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9q2p-vc84-2rwm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q2p-vc84-2rwm","reference_id":"GHSA-9q2p-vc84-2rwm","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q2p-vc84-2rwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-9q2p-vc84-2rwm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ctp-85cy-k3dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71545?format=json","vulnerability_id":"VCID-6cym-v42t-quh6","summary":"OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35666","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18755","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35666"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35666","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35666"},{"reference_url":"https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14","reference_id":"39409b6a6dd4239deea682e626bac9ba547bfb14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/advisories/GHSA-qm9x-v7cx-7rq4","reference_id":"GHSA-qm9x-v7cx-7rq4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm9x-v7cx-7rq4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4","reference_id":"GHSA-qm9x-v7cx-7rq4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper","reference_id":"openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35666","GHSA-qm9x-v7cx-7rq4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cym-v42t-quh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80867?format=json","vulnerability_id":"VCID-6fjf-yjn7-qkbh","summary":"OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41387","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06035","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41387"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.22","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.22"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41387","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41387"},{"reference_url":"https://github.com/advisories/GHSA-j7p2-qcwm-94v4","reference_id":"GHSA-j7p2-qcwm-94v4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j7p2-qcwm-94v4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4","reference_id":"GHSA-j7p2-qcwm-94v4","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:50:39Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization","reference_id":"openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:50:39Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-41387","GHSA-j7p2-qcwm-94v4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fjf-yjn7-qkbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360124?format=json","vulnerability_id":"VCID-6g13-hcrk-xucm","summary":"OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths\n### Summary\n\n`matchesExecAllowlistPattern` normalized patterns and targets with lowercasing and compiled glob matching too broadly on POSIX. In addition, the `?` wildcard could match `/`, which allowed matches to cross path segments.\n\n### Impact\n\nThese matching rules could overmatch allowlist entries and permit commands or executable paths that an operator did not intend to approve.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.8`\n\n### Patch\n\nFixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. Exec allowlist matching now respects the intended path semantics, and regression tests cover the POSIX case-folding and slash-crossing cases.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-f8r2-vg7x-gh8m","reference_id":"GHSA-f8r2-vg7x-gh8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f8r2-vg7x-gh8m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m","reference_id":"GHSA-f8r2-vg7x-gh8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-f8r2-vg7x-gh8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g13-hcrk-xucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359796?format=json","vulnerability_id":"VCID-6hav-n44a-dkeu","summary":"OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations\n## Summary\n`session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real on shipped v2026.3.22: non-sandboxed session_status skipped the shared visibility guard, but this is a same-agent session-policy bypass with unreleased fix, not a broader host-boundary break.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `4d369a3400dc9b737fbe8daa63f09d909ce7beb8` — 2026-03-30T16:48:12+02:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-fwjq-xwfj-gv75","reference_id":"GHSA-fwjq-xwfj-gv75","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwjq-xwfj-gv75"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fwjq-xwfj-gv75","reference_id":"GHSA-fwjq-xwfj-gv75","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fwjq-xwfj-gv75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-fwjq-xwfj-gv75"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hav-n44a-dkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77419?format=json","vulnerability_id":"VCID-6hhg-fpqw-kye9","summary":"OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect metadata to bypass platform-based node command policies and gain access to restricted commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32014","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10505","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32014"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7d8aeaaf06e2e616545d2c2cec7fa27f36b59b6a","reference_id":"7d8aeaaf06e2e616545d2c2cec7fa27f36b59b6a","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T20:12:21Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7d8aeaaf06e2e616545d2c2cec7fa27f36b59b6a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32014","reference_id":"CVE-2026-32014","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32014"},{"reference_url":"https://github.com/advisories/GHSA-r65x-2hqr-j5hf","reference_id":"GHSA-r65x-2hqr-j5hf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r65x-2hqr-j5hf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r65x-2hqr-j5hf","reference_id":"GHSA-r65x-2hqr-j5hf","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T20:12:21Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r65x-2hqr-j5hf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-node-reconnect-metadata-spoofing-via-unsigned-platform-fields","reference_id":"openclaw-node-reconnect-metadata-spoofing-via-unsigned-platform-fields","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T20:12:21Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-node-reconnect-metadata-spoofing-via-unsigned-platform-fields"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32014","GHSA-r65x-2hqr-j5hf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hhg-fpqw-kye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71650?format=json","vulnerability_id":"VCID-6vqt-8y4n-63h8","summary":"OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to bypass canvas authentication and rate-limiting protections by masquerading as loopback clients.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35656","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45247","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35656"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35656","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35656"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4","reference_id":"fc2d29ea926f47c428c556e92ec981441228d2a4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"},{"reference_url":"https://github.com/advisories/GHSA-844j-xrrq-wgh4","reference_id":"GHSA-844j-xrrq-wgh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-844j-xrrq-wgh4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4","reference_id":"GHSA-844j-xrrq-wgh4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter","reference_id":"openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35656","GHSA-844j-xrrq-wgh4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vqt-8y4n-63h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65524?format=json","vulnerability_id":"VCID-6w88-6bts-sudv","summary":"OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43585","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34398","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43585"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66651","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66651"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43585","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43585"},{"reference_url":"https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094","reference_id":"acd4e0a32f12e1ad85f3130f63b42443ce90f094","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094"},{"reference_url":"https://github.com/advisories/GHSA-xmxx-7p24-h892","reference_id":"GHSA-xmxx-7p24-h892","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmxx-7p24-h892"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892","reference_id":"GHSA-xmxx-7p24-h892","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution","reference_id":"openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-43585","GHSA-xmxx-7p24-h892"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w88-6bts-sudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71937?format=json","vulnerability_id":"VCID-71uy-yz3c-n3et","summary":"OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35627","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30919","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35627"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35627","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35627"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77","reference_id":"1ee9611079e81b9122f4bed01abb3d9f56206c77","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/advisories/GHSA-65h8-27jh-q8wv","reference_id":"GHSA-65h8-27jh-q8wv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65h8-27jh-q8wv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv","reference_id":"GHSA-65h8-27jh-q8wv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling","reference_id":"openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35627","GHSA-65h8-27jh-q8wv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71uy-yz3c-n3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360174?format=json","vulnerability_id":"VCID-722e-beau-8kdc","summary":"Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-cfvj-7rx7-fc7c. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31990","reference_id":"CVE-2026-31990","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31990"},{"reference_url":"https://github.com/advisories/GHSA-2cwr-f5hx-gg3w","reference_id":"GHSA-2cwr-f5hx-gg3w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cwr-f5hx-gg3w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c","reference_id":"GHSA-cfvj-7rx7-fc7c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960740?format=json","purl":"pkg:npm/openclaw@2026.3.2-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2-beta.1"}],"aliases":["GHSA-2cwr-f5hx-gg3w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-722e-beau-8kdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360026?format=json","vulnerability_id":"VCID-7a1r-hefj-pfg4","summary":"Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31991","reference_id":"CVE-2026-31991","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31991"},{"reference_url":"https://github.com/advisories/GHSA-r849-826x-wgqm","reference_id":"GHSA-r849-826x-wgqm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r849-826x-wgqm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w","reference_id":"GHSA-wm8r-w8pf-2v6w","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w"}],"fixed_packages":[],"aliases":["GHSA-r849-826x-wgqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7a1r-hefj-pfg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71877?format=json","vulnerability_id":"VCID-7bpx-6g2s-8kfd","summary":"OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35648","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10875","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35648"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35648","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35648"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2","reference_id":"ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2"},{"reference_url":"https://github.com/advisories/GHSA-wj55-88gf-x564","reference_id":"GHSA-wj55-88gf-x564","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wj55-88gf-x564"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564","reference_id":"GHSA-wj55-88gf-x564","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions","reference_id":"openclaw-policy-bypass-via-unvalidated-queued-node-actions","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35648","GHSA-wj55-88gf-x564"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpx-6g2s-8kfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360043?format=json","vulnerability_id":"VCID-7dbw-4jba-83a4","summary":"Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.","references":[{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g353-mgv3-8pcj","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g353-mgv3-8pcj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32974","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32974"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-forged-event-injection-via-feishu-webhook-verification-token","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-forged-event-injection-via-feishu-webhook-verification-token"},{"reference_url":"https://github.com/advisories/GHSA-vjqw-w5jr-g9w5","reference_id":"GHSA-vjqw-w5jr-g9w5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjqw-w5jr-g9w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-vjqw-w5jr-g9w5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dbw-4jba-83a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360171?format=json","vulnerability_id":"VCID-7gjj-xzp6-mqcx","summary":"OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`\n## Summary\nIn affected versions of `openclaw`, a gateway caller with `operator.write` could issue `agent` requests containing `/new` or `/reset` and reach the same reset path used by the admin-only `sessions.reset` RPC.\n\n## Impact\nOn gateways where a caller is intentionally granted `operator.write` but not `operator.admin`, that caller could reset targeted conversation state through `agent` slash commands. This crosses the documented method-scope boundary between write-scoped messaging and admin-only session mutation.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.8`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nScope checks were enforced only on the outer RPC method. The `agent` slash-command path reused admin-only reset logic internally, so a write-scoped caller could reach session-reset mutation without holding `operator.admin`.\n\n## Fix\nOpenClaw no longer routes conversation `/new` and `/reset` through the admin-only `sessions.reset` entry point. Reset logic now lives in a shared service, while `sessions.reset` remains admin-only. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf6w-m8jw-jfxc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf6w-m8jw-jfxc"},{"reference_url":"https://github.com/advisories/GHSA-jf6w-m8jw-jfxc","reference_id":"GHSA-jf6w-m8jw-jfxc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jf6w-m8jw-jfxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-jf6w-m8jw-jfxc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gjj-xzp6-mqcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65593?format=json","vulnerability_id":"VCID-7j27-ndq2-mfht","summary":"OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43576","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11782","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43576"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/60469","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/60469"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43576","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43576"},{"reference_url":"https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665","reference_id":"bc356cc8c2beaa747c71dd86cceab8f804699665","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"}],"url":"https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665"},{"reference_url":"https://github.com/advisories/GHSA-f7fh-qg34-x2xh","reference_id":"GHSA-f7fh-qg34-x2xh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7fh-qg34-x2xh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh","reference_id":"GHSA-f7fh-qg34-x2xh","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url","reference_id":"openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373918?format=json","purl":"pkg:npm/openclaw@2026.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-bpy3-pdqr-uube"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.5"}],"aliases":["CVE-2026-43576","GHSA-f7fh-qg34-x2xh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j27-ndq2-mfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212775?format=json","vulnerability_id":"VCID-7kyj-gddz-gkfb","summary":"OpenClaw's hooks count non-POST requests toward auth lockout","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-6rmx-gvvg-vh6j","reference_id":"GHSA-6rmx-gvvg-vh6j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rmx-gvvg-vh6j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rmx-gvvg-vh6j","reference_id":"GHSA-6rmx-gvvg-vh6j","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rmx-gvvg-vh6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-6rmx-gvvg-vh6j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kyj-gddz-gkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81144?format=json","vulnerability_id":"VCID-7r7v-pvsj-uyaw","summary":"OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute force attacks against weak shared passwords.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41333","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41333"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9","reference_id":"af0c0862f22ca4492406a3103d05e3628f94cbe9","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9"},{"reference_url":"https://github.com/advisories/GHSA-6p8r-6m93-557f","reference_id":"GHSA-6p8r-6m93-557f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6p8r-6m93-557f"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557f","reference_id":"GHSA-6p8r-6m93-557f","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557f"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken","reference_id":"openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41333","GHSA-6p8r-6m93-557f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7r7v-pvsj-uyaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80619?format=json","vulnerability_id":"VCID-7rcc-8g5p-3ydv","summary":"OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary files outside configured localRoots boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41363","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18416","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41363"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/764394c78b6c22c5b53c3cd132d27ff36340bf45","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/764394c78b6c22c5b53c3cd132d27ff36340bf45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41363","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41363"},{"reference_url":"https://github.com/advisories/GHSA-qf48-qfv4-jjm9","reference_id":"GHSA-qf48-qfv4-jjm9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf48-qfv4-jjm9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qf48-qfv4-jjm9","reference_id":"GHSA-qf48-qfv4-jjm9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:12Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qf48-qfv4-jjm9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-feishu-upload-image-parameter","reference_id":"openclaw-arbitrary-file-read-via-feishu-upload-image-parameter","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:12Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-feishu-upload-image-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41363","GHSA-qf48-qfv4-jjm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rcc-8g5p-3ydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74779?format=json","vulnerability_id":"VCID-7v88-gh66-ybgd","summary":"OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34503","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02705","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34503"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34503"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863","reference_id":"7a801cc451e9e667b705eeccff651923a1b8c863","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863"},{"reference_url":"https://github.com/advisories/GHSA-2pr2-hcv6-7gwv","reference_id":"GHSA-2pr2-hcv6-7gwv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pr2-hcv6-7gwv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv","reference_id":"GHSA-2pr2-hcv6-7gwv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation","reference_id":"openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-34503","GHSA-2pr2-hcv6-7gwv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7v88-gh66-ybgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360163?format=json","vulnerability_id":"VCID-812y-rb9q-m7eu","summary":"OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding\n## Summary\n\nGateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding.\n\n## Details\n\nThe HTTP route previously treated any bearer-authenticated request as admin-eligible and could call without binding the action to requester ownership or caller-granted operator scopes. The flaw removes the bearer-token admin fallback and keeps remote session kills on the local-admin or requester-owned path only.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-9p93-7j67-5pc2","reference_id":"GHSA-9p93-7j67-5pc2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p93-7j67-5pc2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p93-7j67-5pc2","reference_id":"GHSA-9p93-7j67-5pc2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p93-7j67-5pc2"}],"fixed_packages":[],"aliases":["GHSA-9p93-7j67-5pc2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-812y-rb9q-m7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65490?format=json","vulnerability_id":"VCID-82aq-wxf5-aka8","summary":"OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43527","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12246","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43527"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66354","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66354"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66386","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66386"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43527","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43527"},{"reference_url":"https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed","reference_id":"024f4614a1a1831406e763adc40ef226e3d5e9ed","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2","reference_id":"1dabfef28db523e7de81edeb3dd689e9171236a2","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2"},{"reference_url":"https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a","reference_id":"213c36cf51121ef6c05cfccd78037371f968f31a","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f","reference_id":"7eecfa411df3d12e6b810e6ca5df47254fc3db3f","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f"},{"reference_url":"https://github.com/advisories/GHSA-53vx-pmqw-863c","reference_id":"GHSA-53vx-pmqw-863c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53vx-pmqw-863c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c","reference_id":"GHSA-53vx-pmqw-863c","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation","reference_id":"openclaw-server-side-request-forgery-via-private-network-navigation","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373341?format=json","purl":"pkg:npm/openclaw@2026.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"}],"aliases":["CVE-2026-43527","GHSA-53vx-pmqw-863c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wxf5-aka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70360?format=json","vulnerability_id":"VCID-84ms-aakm-x3dc","summary":"OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42428","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05925","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42428"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42428","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42428"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-3vvq-q2qc-7rmp","reference_id":"GHSA-3vvq-q2qc-7rmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vvq-q2qc-7rmp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp","reference_id":"GHSA-3vvq-q2qc-7rmp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads","reference_id":"openclaw-missing-integrity-verification-in-package-downloads","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42428","GHSA-3vvq-q2qc-7rmp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84ms-aakm-x3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71942?format=json","vulnerability_id":"VCID-86wa-z59e-xqgu","summary":"OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication and gain unauthorized access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35623","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28542","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35623"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35623","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35623"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5e08ce36d522a1c96df2bfe88e39303ae2643d92","reference_id":"5e08ce36d522a1c96df2bfe88e39303ae2643d92","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5e08ce36d522a1c96df2bfe88e39303ae2643d92"},{"reference_url":"https://github.com/advisories/GHSA-xq8g-hgh6-87hv","reference_id":"GHSA-xq8g-hgh6-87hv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xq8g-hgh6-87hv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xq8g-hgh6-87hv","reference_id":"GHSA-xq8g-hgh6-87hv","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xq8g-hgh6-87hv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting","reference_id":"openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting"}],"fixed_packages":[],"aliases":["CVE-2026-35623","GHSA-xq8g-hgh6-87hv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86wa-z59e-xqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359886?format=json","vulnerability_id":"VCID-8d4y-8k53-tqe8","summary":"Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35637","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35637"},{"reference_url":"https://github.com/advisories/GHSA-p6j4-wvmc-vx2h","reference_id":"GHSA-p6j4-wvmc-vx2h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6j4-wvmc-vx2h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4","reference_id":"GHSA-vfg3-pqpq-93m4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-p6j4-wvmc-vx2h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d4y-8k53-tqe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360192?format=json","vulnerability_id":"VCID-8ezv-nxwq-q3b1","summary":"Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-r9q5-c7qc-p26w. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28449","reference_id":"CVE-2026-28449","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28449"},{"reference_url":"https://github.com/advisories/GHSA-866c-wwm5-4rj7","reference_id":"GHSA-866c-wwm5-4rj7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-866c-wwm5-4rj7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w","reference_id":"GHSA-r9q5-c7qc-p26w","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-866c-wwm5-4rj7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ezv-nxwq-q3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359778?format=json","vulnerability_id":"VCID-8h62-5c5b-cbdt","summary":"OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nFeishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped `dmPolicy` enforcement for card actions, so a sender in a Feishu DM could trigger card-action flows that should have been blocked by a restrictive DM policy.\n\nThe issue is limited to Feishu card-action handling. Severity is medium.\n\n## Fix\n\nOpenClaw now resolves Feishu card-action chat type before dispatch, including API lookup when stored context is unavailable, and avoids falling through to group handling for DMs.\n\nFix commit:\n\n- `90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-72q8-jcmc-97wx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8h62-5c5b-cbdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80840?format=json","vulnerability_id":"VCID-8h7u-pr1w-z7df","summary":"OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41915","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04665","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41915"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41915","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41915"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-cm8v-2vh9-cxf3","reference_id":"GHSA-cm8v-2vh9-cxf3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cm8v-2vh9-cxf3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cm8v-2vh9-cxf3","reference_id":"GHSA-cm8v-2vh9-cxf3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cm8v-2vh9-cxf3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-git-environment-variable-injection-via-unfiltered-exec-environment","reference_id":"openclaw-git-environment-variable-injection-via-unfiltered-exec-environment","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-git-environment-variable-injection-via-unfiltered-exec-environment"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41915","GHSA-cm8v-2vh9-cxf3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8h7u-pr1w-z7df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75180?format=json","vulnerability_id":"VCID-8k93-nveu-fbem","summary":"OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34426","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1762","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34426"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34426","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34426"},{"reference_url":"https://github.com/openclaw/openclaw/pull/59182","reference_id":"59182","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"}],"url":"https://github.com/openclaw/openclaw/pull/59182"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7","reference_id":"b57b680c0c34de907d57f60c38fb358e82aef8f7","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47","reference_id":"GHSA-98ch-45wp-ch47","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47"},{"reference_url":"https://github.com/advisories/GHSA-h3x4-hc5v-v2gm","reference_id":"GHSA-h3x4-hc5v-v2gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3x4-hc5v-v2gm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h3x4-hc5v-v2gm","reference_id":"GHSA-h3x4-hc5v-v2gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h3x4-hc5v-v2gm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization","reference_id":"openclaw-approval-bypass-via-environment-variable-normalization","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-34426","GHSA-h3x4-hc5v-v2gm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k93-nveu-fbem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75092?format=json","vulnerability_id":"VCID-8n16-rgcn-2bey","summary":"OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling systematic secret guessing and subsequent forged webhook submission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34505","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05844","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34505"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f96ba87f033a14183fa0ede912df3a592eef55ff","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/f96ba87f033a14183fa0ede912df3a592eef55ff"},{"reference_url":"https://github.com/openclaw/openclaw/pull/44173","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/44173"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34505","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34505"},{"reference_url":"https://github.com/advisories/GHSA-5m9r-p9g7-679c","reference_id":"GHSA-5m9r-p9g7-679c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m9r-p9g7-679c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c","reference_id":"GHSA-5m9r-p9g7-679c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T13:53:27Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation","reference_id":"openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T13:53:27Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["CVE-2026-34505","GHSA-5m9r-p9g7-679c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8n16-rgcn-2bey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81098?format=json","vulnerability_id":"VCID-8sps-h6k2-43c9","summary":"OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting malicious index URLs through unsanitized environment variables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41391","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04665","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41391"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41391","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41391"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d","reference_id":"7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d"},{"reference_url":"https://github.com/advisories/GHSA-7ggg-pvrf-458v","reference_id":"GHSA-7ggg-pvrf-458v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ggg-pvrf-458v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7ggg-pvrf-458v","reference_id":"GHSA-7ggg-pvrf-458v","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7ggg-pvrf-458v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-bypass-in-package-index-url-handling","reference_id":"openclaw-environment-variable-bypass-in-package-index-url-handling","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-bypass-in-package-index-url-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41391","GHSA-7ggg-pvrf-458v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sps-h6k2-43c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360079?format=json","vulnerability_id":"VCID-8x1d-qnqk-7qcz","summary":"Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7fcc-cw49-xm78. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subprocess launch fails with EINVAL or ENOENT errors.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32000","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32000"},{"reference_url":"https://github.com/advisories/GHSA-5rp4-cwgh-gvwq","reference_id":"GHSA-5rp4-cwgh-gvwq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rp4-cwgh-gvwq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7fcc-cw49-xm78","reference_id":"GHSA-7fcc-cw49-xm78","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7fcc-cw49-xm78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-5rp4-cwgh-gvwq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x1d-qnqk-7qcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80839?format=json","vulnerability_id":"VCID-925q-556p-q3f6","summary":"OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41914","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41914"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41914","reference_id":"CVE-2026-41914","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41914"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:55:12Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-3fv3-6p2v-gxwj","reference_id":"GHSA-3fv3-6p2v-gxwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fv3-6p2v-gxwj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3fv3-6p2v-gxwj","reference_id":"GHSA-3fv3-6p2v-gxwj","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:55:12Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3fv3-6p2v-gxwj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths","reference_id":"openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:55:12Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41914","GHSA-3fv3-6p2v-gxwj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-925q-556p-q3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77557?format=json","vulnerability_id":"VCID-95y2-eute-yyfm","summary":"OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32043","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0112","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32043"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32043","reference_id":"CVE-2026-32043","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32043"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db","reference_id":"f789f880c934caa8be25b38832f27f90f37903db","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:55:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db"},{"reference_url":"https://github.com/advisories/GHSA-mwcg-wfq3-4gjc","reference_id":"GHSA-mwcg-wfq3-4gjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwcg-wfq3-4gjc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc","reference_id":"GHSA-mwcg-wfq3-4gjc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:55:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter","reference_id":"openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:55:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32043","GHSA-mwcg-wfq3-4gjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95y2-eute-yyfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360195?format=json","vulnerability_id":"VCID-9csu-c6t3-3kak","summary":"Duplicate Advisory: OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-jq3f-vjww-8rq7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32980","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32980"},{"reference_url":"https://github.com/advisories/GHSA-c447-w54g-f55j","reference_id":"GHSA-c447-w54g-f55j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c447-w54g-f55j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jq3f-vjww-8rq7","reference_id":"GHSA-jq3f-vjww-8rq7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jq3f-vjww-8rq7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/966592?format=json","purl":"pkg:npm/openclaw@2026.3.13-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.13-beta.1"}],"aliases":["GHSA-c447-w54g-f55j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9csu-c6t3-3kak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360170?format=json","vulnerability_id":"VCID-9jhp-q7y2-8qdu","summary":"Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass incomplete allowlist validation and execute arbitrary commands on the paired host.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31993","reference_id":"CVE-2026-31993","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31993"},{"reference_url":"https://github.com/advisories/GHSA-5326-6f73-m96w","reference_id":"GHSA-5326-6f73-m96w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5326-6f73-m96w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5f9p-f3w2-fwch","reference_id":"GHSA-5f9p-f3w2-fwch","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5f9p-f3w2-fwch"}],"fixed_packages":[],"aliases":["GHSA-5326-6f73-m96w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jhp-q7y2-8qdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80609?format=json","vulnerability_id":"VCID-9pv2-ufhu-w7g1","summary":"OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41355","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02645","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41355"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41355","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41355"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1","reference_id":"c02ee8a3a4cb390b23afdf21317aa8b2096854d1","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1"},{"reference_url":"https://github.com/advisories/GHSA-42mx-vp8m-j7qh","reference_id":"GHSA-42mx-vp8m-j7qh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42mx-vp8m-j7qh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh","reference_id":"GHSA-42mx-vp8m-j7qh","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh"},{"reference_url":"https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion","reference_id":"openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"}],"url":"https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41355","GHSA-42mx-vp8m-j7qh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pv2-ufhu-w7g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67767?format=json","vulnerability_id":"VCID-9u9n-s6sc-2bhw","summary":"OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15225","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_id":"a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f"},{"reference_url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_id":"openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44116","GHSA-2hh7-c75g-qj2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u9n-s6sc-2bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359888?format=json","vulnerability_id":"VCID-9vbr-88pv-hudj","summary":"OpenClaw: QQ Bot structured payloads could read arbitrary local files\n## Summary\n\nBefore OpenClaw 2026.4.2, QQ Bot structured media payloads could read local files from attacker-chosen paths. A crafted structured payload could escape QQ Bot-owned media roots and cause arbitrary file reads on the host.\n\n## Impact\n\nPrompt-influenced structured payload output could exfiltrate any host file readable by the OpenClaw process through the QQ Bot media-send path. This was a real confidentiality bug on the host filesystem boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `2c45b06afdd6f7c621038b5419d8e661cff34a7f` — restrict QQ Bot structured payload local paths\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @feiyang666 of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2c45b06afdd6f7c621038b5419d8e661cff34a7f","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/2c45b06afdd6f7c621038b5419d8e661cff34a7f"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-846p-hgpv-vphc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-846p-hgpv-vphc"},{"reference_url":"https://github.com/advisories/GHSA-846p-hgpv-vphc","reference_id":"GHSA-846p-hgpv-vphc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-846p-hgpv-vphc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["GHSA-846p-hgpv-vphc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vbr-88pv-hudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360160?format=json","vulnerability_id":"VCID-9wbp-zj23-fyg4","summary":"Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-xgf2-vxv2-rrmg. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32056","reference_id":"CVE-2026-32056","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32056"},{"reference_url":"https://github.com/advisories/GHSA-rj39-33v7-9xrq","reference_id":"GHSA-rj39-33v7-9xrq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj39-33v7-9xrq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg","reference_id":"GHSA-xgf2-vxv2-rrmg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg"}],"fixed_packages":[],"aliases":["GHSA-rj39-33v7-9xrq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wbp-zj23-fyg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70510?format=json","vulnerability_id":"VCID-9xv8-jtc8-ekcr","summary":"OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing the intended security boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42423","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17398","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42423"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42423"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-q2gc-xjqw-qp89","reference_id":"GHSA-q2gc-xjqw-qp89","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2gc-xjqw-qp89"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q2gc-xjqw-qp89","reference_id":"GHSA-q2gc-xjqw-qp89","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q2gc-xjqw-qp89"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-strictinlineeval-approval-boundary-bypass-via-approval-timeout-fallback","reference_id":"openclaw-strictinlineeval-approval-boundary-bypass-via-approval-timeout-fallback","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-strictinlineeval-approval-boundary-bypass-via-approval-timeout-fallback"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42423","GHSA-q2gc-xjqw-qp89"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xv8-jtc8-ekcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65573?format=json","vulnerability_id":"VCID-9zkk-mp8b-kbbg","summary":"OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to pivot to internal resources via unallowlisted hostname URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43582","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43582"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/64367","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/64367"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43582","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43582"},{"reference_url":"https://github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3","reference_id":"121c452d666d4749744dc2089287d0227aae2ed3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3"},{"reference_url":"https://github.com/advisories/GHSA-xq94-r468-qwgj","reference_id":"GHSA-xq94-r468-qwgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xq94-r468-qwgj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj","reference_id":"GHSA-xq94-r468-qwgj","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass","reference_id":"openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43582","GHSA-xq94-r468-qwgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zkk-mp8b-kbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70333?format=json","vulnerability_id":"VCID-a4pw-9uzw-47ge","summary":"OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42424","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08697","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42424"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42424","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42424"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-qqq7-4hxc-x63c","reference_id":"GHSA-qqq7-4hxc-x63c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqq7-4hxc-x63c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c","reference_id":"GHSA-qqq7-4hxc-x63c","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths","reference_id":"openclaw-local-file-exfiltration-via-shared-reply-media-paths","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42424","GHSA-qqq7-4hxc-x63c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4pw-9uzw-47ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77785?format=json","vulnerability_id":"VCID-a7hc-rue8-13eb","summary":"OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite configured allowlist restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33578","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33578"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33578","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33578"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4","reference_id":"e64a881ae0fb8af18e451163f4c2d611d60cc8e4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4"},{"reference_url":"https://github.com/advisories/GHSA-63mg-xp9j-jfcm","reference_id":"GHSA-63mg-xp9j-jfcm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63mg-xp9j-jfcm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm","reference_id":"GHSA-63mg-xp9j-jfcm","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions","reference_id":"openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-33578","GHSA-63mg-xp9j-jfcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7hc-rue8-13eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80845?format=json","vulnerability_id":"VCID-a9q6-xpjm-6yfd","summary":"OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic, circumventing intended remote viewer restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41403","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19129","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41403"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41403","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41403"},{"reference_url":"https://github.com/openclaw/openclaw/commit/30a1690323088fd291abd11643a264a6828a002c","reference_id":"30a1690323088fd291abd11643a264a6828a002c","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"}],"url":"https://github.com/openclaw/openclaw/commit/30a1690323088fd291abd11643a264a6828a002c"},{"reference_url":"https://github.com/advisories/GHSA-3xv9-89fm-7h4r","reference_id":"GHSA-3xv9-89fm-7h4r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xv9-89fm-7h4r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3xv9-89fm-7h4r","reference_id":"GHSA-3xv9-89fm-7h4r","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3xv9-89fm-7h4r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-access-control-bypass-via-proxied-remote-request-misclassification","reference_id":"openclaw-access-control-bypass-via-proxied-remote-request-misclassification","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-access-control-bypass-via-proxied-remote-request-misclassification"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41403","GHSA-3xv9-89fm-7h4r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9q6-xpjm-6yfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77175?format=json","vulnerability_id":"VCID-adnz-kugc-63e6","summary":"OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32065","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15569","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32065"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176","reference_id":"03e689fc89bbecbcd02876a95957ef1ad9caa176","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:38:03Z/"}],"url":"https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32065","reference_id":"CVE-2026-32065","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32065"},{"reference_url":"https://github.com/advisories/GHSA-hwpq-rrpf-pgcq","reference_id":"GHSA-hwpq-rrpf-pgcq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hwpq-rrpf-pgcq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq","reference_id":"GHSA-hwpq-rrpf-pgcq","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:38:03Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution","reference_id":"openclaw-approval-identity-mismatch-in-system-run-command-execution","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:38:03Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32065","GHSA-hwpq-rrpf-pgcq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adnz-kugc-63e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77133?format=json","vulnerability_id":"VCID-ae96-b8bt-43bv","summary":"OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-force attacks against the gateway to establish an authenticated operator session and invoke control-plane methods.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32025","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28742","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32025"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c736f11a16d6bc27ea62a0fe40fffae4cb071fdb","reference_id":"c736f11a16d6bc27ea62a0fe40fffae4cb071fdb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c736f11a16d6bc27ea62a0fe40fffae4cb071fdb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32025","reference_id":"CVE-2026-32025","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32025"},{"reference_url":"https://github.com/advisories/GHSA-jmmg-jqc7-5qf4","reference_id":"GHSA-jmmg-jqc7-5qf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmmg-jqc7-5qf4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jmmg-jqc7-5qf4","reference_id":"GHSA-jmmg-jqc7-5qf4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:46Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jmmg-jqc7-5qf4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-password-brute-force-via-browser-origin-websocket-authentication-bypass","reference_id":"openclaw-password-brute-force-via-browser-origin-websocket-authentication-bypass","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:46Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-password-brute-force-via-browser-origin-websocket-authentication-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32025","GHSA-jmmg-jqc7-5qf4"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ae96-b8bt-43bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84261?format=json","vulnerability_id":"VCID-aegc-6ab1-k7hk","summary":"OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40037","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40037"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40037","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40037"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-qx8j-g322-qj6m","reference_id":"GHSA-qx8j-g322-qj6m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qx8j-g322-qj6m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m","reference_id":"GHSA-qx8j-g322-qj6m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects","reference_id":"openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-40037","GHSA-qx8j-g322-qj6m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aegc-6ab1-k7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67838?format=json","vulnerability_id":"VCID-afjz-us2v-k7ak","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_id":"7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76"},{"reference_url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_id":"openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44112","GHSA-wppj-c6mr-83jj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afjz-us2v-k7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359857?format=json","vulnerability_id":"VCID-agtk-z6cf-1bh7","summary":"OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS\n## Summary\nImage pixel-limit guard can fail open on sips and allow decompression-bomb DoS\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Shipped v2026.3.28 image processing could fail open on oversized pixel counts and allow decompression-bomb DoS, an availability issue that is valid at medium.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `0ed4f8a72bb140045962e97ab01c94c076b758a4` — 2026-03-31T22:52:55+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-w85g-3h6x-4xh2","reference_id":"GHSA-w85g-3h6x-4xh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w85g-3h6x-4xh2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w85g-3h6x-4xh2","reference_id":"GHSA-w85g-3h6x-4xh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w85g-3h6x-4xh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-w85g-3h6x-4xh2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agtk-z6cf-1bh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71679?format=json","vulnerability_id":"VCID-atc5-y6k6-zbg6","summary":"OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35622","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22595","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35622"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35622","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35622"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_id":"a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"},{"reference_url":"https://github.com/advisories/GHSA-mp66-rf4f-mhh8","reference_id":"GHSA-mp66-rf4f-mhh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mp66-rf4f-mhh8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8","reference_id":"GHSA-mp66-rf4f-mhh8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook","reference_id":"openclaw-improper-authentication-verification-in-google-chat-webhook","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35622","GHSA-mp66-rf4f-mhh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atc5-y6k6-zbg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212689?format=json","vulnerability_id":"VCID-b194-drmd-hkbp","summary":"OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-jr6x-2q95-fh2g","reference_id":"GHSA-jr6x-2q95-fh2g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr6x-2q95-fh2g"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jr6x-2q95-fh2g","reference_id":"GHSA-jr6x-2q95-fh2g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jr6x-2q95-fh2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["GHSA-jr6x-2q95-fh2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b194-drmd-hkbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80686?format=json","vulnerability_id":"VCID-b3av-6zna-sugm","summary":"OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41300","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41300"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060","reference_id":"2a75416634837c21ed05b8c3ed906eb7a7807060","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41300","reference_id":"CVE-2026-41300","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41300"},{"reference_url":"https://github.com/advisories/GHSA-9f4w-67g7-mqwv","reference_id":"GHSA-9f4w-67g7-mqwv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f4w-67g7-mqwv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv","reference_id":"GHSA-9f4w-67g7-mqwv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding","reference_id":"openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41300","GHSA-9f4w-67g7-mqwv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3av-6zna-sugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78329?format=json","vulnerability_id":"VCID-b3nv-4pe7-fyhj","summary":"OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33577","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03525","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33577"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33577","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33577"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34","reference_id":"4d7cc6bb4fac68b5a5fadd1c5a23168281221f34","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34"},{"reference_url":"https://github.com/advisories/GHSA-2x4x-cc5g-qmmg","reference_id":"GHSA-2x4x-cc5g-qmmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2x4x-cc5g-qmmg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg","reference_id":"GHSA-2x4x-cc5g-qmmg","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve","reference_id":"openclaw-insufficient-scope-validation-in-node-pair-approve","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-33577","GHSA-2x4x-cc5g-qmmg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3nv-4pe7-fyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360106?format=json","vulnerability_id":"VCID-bbsf-dk9q-nqh3","summary":"OpenClaw: Sandbox dangling-symlink alias handling could bypass workspace-only write boundary\n### Summary\nA sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even when they could resolve outside the workspace/sandbox root.\n\n### Affected Packages / Versions\n- Package: npm `openclaw`\n- Affected versions: `<= 2026.2.25`\n- Latest published npm version included in affected range: `2026.2.25` (checked on February 26, 2026)\n- Patched version (pre-set for release): `2026.2.26`\n\n### Technical Details\nIn affected versions, dangling symlink hops could be accepted during boundary checks under missing-target conditions. For workspace-only write flows (including `apply_patch`), this could allow writes to resolve outside the configured workspace/sandbox boundary.\n\nThe fix resolves symlink targets through existing ancestors and fails closed when canonical resolution escapes the configured boundary.\n\n### Impact\n- Boundary-confined write operations could be redirected outside the configured workspace/sandbox root.\n- Primary impact is integrity of host-side files reachable from that path resolution.\n\n### Fix Commit(s)\n- `4fd29a35bb85a1898ebff518364c467058b50e14`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm `2026.2.26` is published, the advisory can be published without further field edits.\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4fd29a35bb85a1898ebff518364c467058b50e14","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/4fd29a35bb85a1898ebff518364c467058b50e14"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc4-p59m-p54m","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc4-p59m-p54m"},{"reference_url":"https://github.com/advisories/GHSA-qcc4-p59m-p54m","reference_id":"GHSA-qcc4-p59m-p54m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcc4-p59m-p54m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-qcc4-p59m-p54m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbsf-dk9q-nqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76938?format=json","vulnerability_id":"VCID-bddn-w4cm-9udq","summary":"OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32048","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06585","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32048"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32048","reference_id":"CVE-2026-32048","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32048"},{"reference_url":"https://github.com/advisories/GHSA-p7gr-f84w-hqg5","reference_id":"GHSA-p7gr-f84w-hqg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p7gr-f84w-hqg5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p7gr-f84w-hqg5","reference_id":"GHSA-p7gr-f84w-hqg5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T13:42:36Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p7gr-f84w-hqg5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-cross-agent-sessions-spawn","reference_id":"openclaw-sandbox-escape-via-cross-agent-sessions-spawn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T13:42:36Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-cross-agent-sessions-spawn"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["CVE-2026-32048","GHSA-p7gr-f84w-hqg5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bddn-w4cm-9udq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80897?format=json","vulnerability_id":"VCID-bdx2-c7m3-xbfv","summary":"OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41394","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26992","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41394"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41394","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41394"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47","reference_id":"2a1db0c0f1fa375004a95ba0ef030534790a6d47","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47"},{"reference_url":"https://github.com/advisories/GHSA-mhgq-xpfq-6r66","reference_id":"GHSA-mhgq-xpfq-6r66","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhgq-xpfq-6r66"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66","reference_id":"GHSA-mhgq-xpfq-6r66","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes","reference_id":"openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41394","GHSA-mhgq-xpfq-6r66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdx2-c7m3-xbfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80716?format=json","vulnerability_id":"VCID-bfj1-xxkp-aubu","summary":"OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41294","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41294"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/6a793248024dca7685f63bcceb64a0096fd1586d","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/6a793248024dca7685f63bcceb64a0096fd1586d"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41294","reference_id":"CVE-2026-41294","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41294"},{"reference_url":"https://github.com/advisories/GHSA-8rh7-6779-cjqq","reference_id":"GHSA-8rh7-6779-cjqq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rh7-6779-cjqq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq","reference_id":"GHSA-8rh7-6779-cjqq","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:04:21Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file","reference_id":"openclaw-environment-variable-injection-via-cwd-env-file","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:04:21Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41294","GHSA-8rh7-6779-cjqq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfj1-xxkp-aubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80706?format=json","vulnerability_id":"VCID-bj4f-1qy4-33g7","summary":"OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41384","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03587","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41384"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41384","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41384"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24","reference_id":"c2fb7f1948c3226732a630256b5179a60664ec24","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24"},{"reference_url":"https://github.com/advisories/GHSA-vfw7-6rhc-6xxg","reference_id":"GHSA-vfw7-6rhc-6xxg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfw7-6rhc-6xxg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg","reference_id":"GHSA-vfw7-6rhc-6xxg","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-config-in-cli-backend","reference_id":"openclaw-environment-variable-injection-via-workspace-config-in-cli-backend","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-config-in-cli-backend"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-41384","GHSA-vfw7-6rhc-6xxg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj4f-1qy4-33g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77049?format=json","vulnerability_id":"VCID-bn3j-q22a-aybg","summary":"OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including evaluate-capable actions without valid credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32041","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06531","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32041"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32041","reference_id":"CVE-2026-32041","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32041"},{"reference_url":"https://github.com/advisories/GHSA-vpj2-69hf-rppw","reference_id":"GHSA-vpj2-69hf-rppw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpj2-69hf-rppw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vpj2-69hf-rppw","reference_id":"GHSA-vpj2-69hf-rppw","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T17:51:39Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vpj2-69hf-rppw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-browser-control-access-via-failed-auth-bootstrap","reference_id":"openclaw-unauthenticated-browser-control-access-via-failed-auth-bootstrap","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T17:51:39Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-browser-control-access-via-failed-auth-bootstrap"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["CVE-2026-32041","GHSA-vpj2-69hf-rppw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn3j-q22a-aybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77812?format=json","vulnerability_id":"VCID-bnzw-duu7-7fgu","summary":"OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting authentication without throttling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33580","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20006","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33580"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33580"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd","reference_id":"e403decb6e20091b5402780a7ccd2085f98aa3cd","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"},{"reference_url":"https://github.com/advisories/GHSA-9528-x887-j2fp","reference_id":"GHSA-9528-x887-j2fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9528-x887-j2fp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp","reference_id":"GHSA-9528-x887-j2fp","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication","reference_id":"openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-33580","GHSA-9528-x887-j2fp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnzw-duu7-7fgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359760?format=json","vulnerability_id":"VCID-bqwy-vw6g-uudj","summary":"OpenClaw: Media download follows cross-origin redirects with Authorization headers intact\n## Summary\nMedia download follows cross-origin redirects with Authorization headers intact\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Shipped v2026.3.28 media downloads forwarded Authorization across cross-origin redirects, a real in-scope credential-leak class that fits medium.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `e704323ff388ed21f6963f9b8e0b1b8dfaaabc5f` — 2026-03-31T19:57:42+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-68v4-hmwv-f43h","reference_id":"GHSA-68v4-hmwv-f43h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68v4-hmwv-f43h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68v4-hmwv-f43h","reference_id":"GHSA-68v4-hmwv-f43h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68v4-hmwv-f43h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-68v4-hmwv-f43h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqwy-vw6g-uudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81133?format=json","vulnerability_id":"VCID-brzy-7832-5bhh","summary":"OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on identity-bearing authentication paths and escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41404","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29647","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41404"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8b88b927cb0747ad24d95b07d35682bf85dc5b0e","reference_id":"8b88b927cb0747ad24d95b07d35682bf85dc5b0e","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8b88b927cb0747ad24d95b07d35682bf85dc5b0e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41404","reference_id":"CVE-2026-41404","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41404"},{"reference_url":"https://github.com/advisories/GHSA-g374-mggx-p6xc","reference_id":"GHSA-g374-mggx-p6xc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g374-mggx-p6xc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g374-mggx-p6xc","reference_id":"GHSA-g374-mggx-p6xc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g374-mggx-p6xc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication","reference_id":"openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41404","GHSA-g374-mggx-p6xc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brzy-7832-5bhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360037?format=json","vulnerability_id":"VCID-bt5u-3vwp-rqcw","summary":"Duplicate Advisory: OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9528-x887-j2fp. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting authentication without throttling.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33580","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33580"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp","reference_id":"GHSA-9528-x887-j2fp","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp"},{"reference_url":"https://github.com/advisories/GHSA-gm9m-x74r-8whg","reference_id":"GHSA-gm9m-x74r-8whg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gm9m-x74r-8whg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-gm9m-x74r-8whg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bt5u-3vwp-rqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359267?format=json","vulnerability_id":"VCID-bvyn-2c5r-4bce","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42427","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10976","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42427"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7437-7hg8-frrw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7437-7hg8-frrw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42427","reference_id":"CVE-2026-42427","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42427"},{"reference_url":"https://github.com/advisories/GHSA-7437-7hg8-frrw","reference_id":"GHSA-7437-7hg8-frrw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7437-7hg8-frrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42427","GHSA-7437-7hg8-frrw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvyn-2c5r-4bce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77488?format=json","vulnerability_id":"VCID-c198-v1zn-pbck","summary":"OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval with changed env input, bypassing execution-integrity controls in approval-enabled workflows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32058","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11611","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32058"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/10481097f8e6dd0346db9be0b5f27570e1bdfcfa","reference_id":"10481097f8e6dd0346db9be0b5f27570e1bdfcfa","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:43:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/10481097f8e6dd0346db9be0b5f27570e1bdfcfa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32058","reference_id":"CVE-2026-32058","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32058"},{"reference_url":"https://github.com/advisories/GHSA-hjvp-qhm6-wrh2","reference_id":"GHSA-hjvp-qhm6-wrh2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjvp-qhm6-wrh2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2","reference_id":"GHSA-hjvp-qhm6-wrh2","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:43:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-context-binding-weakness-in-system-run-via-host-node","reference_id":"openclaw-approval-context-binding-weakness-in-system-run-via-host-node","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:43:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-context-binding-weakness-in-system-run-via-host-node"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32058","GHSA-hjvp-qhm6-wrh2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c198-v1zn-pbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67891?format=json","vulnerability_id":"VCID-c3fa-2u7p-pkgn","summary":"OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44109","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42062","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44109"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66707","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44109","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44109"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae","reference_id":"c8003f1b33ed2924be5f62131bd28742c5a41aae","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae"},{"reference_url":"https://github.com/advisories/GHSA-xh72-v6v9-mwhc","reference_id":"GHSA-xh72-v6v9-mwhc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh72-v6v9-mwhc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc","reference_id":"GHSA-xh72-v6v9-mwhc","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation","reference_id":"openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-44109","GHSA-xh72-v6v9-mwhc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3fa-2u7p-pkgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70133?format=json","vulnerability_id":"VCID-c3hg-hct8-eqbv","summary":"OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by exploiting route-driven navigation without proper policy re-validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42436","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10563","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42436"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66040","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42436","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42436"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59","reference_id":"b75ad800a59009fc47eaa3471410f69046150e59","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59"},{"reference_url":"https://github.com/advisories/GHSA-c4qm-58hj-j6pj","reference_id":"GHSA-c4qm-58hj-j6pj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qm-58hj-j6pj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj","reference_id":"GHSA-c4qm-58hj-j6pj","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes","reference_id":"openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373341?format=json","purl":"pkg:npm/openclaw@2026.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"}],"aliases":["CVE-2026-42436","GHSA-c4qm-58hj-j6pj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hg-hct8-eqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71722?format=json","vulnerability_id":"VCID-c723-znew-ebhm","summary":"OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the stricter WebSocket RPC authorization checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35619","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10993","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35619"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35619","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35619"},{"reference_url":"https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501","reference_id":"06de515b6c42816b62ec752e1c221cab67b38501","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"}],"url":"https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501"},{"reference_url":"https://github.com/advisories/GHSA-68f8-9mhj-h2mp","reference_id":"GHSA-68f8-9mhj-h2mp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68f8-9mhj-h2mp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp","reference_id":"GHSA-68f8-9mhj-h2mp","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint","reference_id":"openclaw-authorization-bypass-via-http-v1-models-endpoint","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35619","GHSA-68f8-9mhj-h2mp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c723-znew-ebhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69923?format=json","vulnerability_id":"VCID-c8dt-7z8a-qufe","summary":"OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01333","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272","reference_id":"0623079e98abf7202591f1b04a89755eb7ec9272","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"},{"reference_url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_id":"openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-45003","GHSA-55cf-xx38-4p9p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8dt-7z8a-qufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359957?format=json","vulnerability_id":"VCID-c8mh-j256-j3aa","summary":"## Impact\n\nOpenClaw Host-Exec Environment Variable Injection.\n\nHost exec could inherit environment variables that influence interpreters, shells, or build tools.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.28`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @wsparks-vc for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-w9j9-w4cp-6wgr","reference_id":"GHSA-w9j9-w4cp-6wgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9j9-w4cp-6wgr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr","reference_id":"GHSA-w9j9-w4cp-6wgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["GHSA-w9j9-w4cp-6wgr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8mh-j256-j3aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67686?format=json","vulnerability_id":"VCID-cbdg-vzrj-puc2","summary":"OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01927","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af","reference_id":"62fa5071896e95edc7f67d1cebc70a2859e283af","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af"},{"reference_url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_id":"85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b"},{"reference_url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_id":"openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44995","GHSA-mj59-h3q9-ghfh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdg-vzrj-puc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67718?format=json","vulnerability_id":"VCID-cf4u-fs5p-3ue3","summary":"OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14096","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09","reference_id":"49db424c8001f2f419aad85f434894d8d85c1a09","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09"},{"reference_url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_id":"openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44117","GHSA-c4qg-j8jg-42q5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf4u-fs5p-3ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70398?format=json","vulnerability_id":"VCID-cfj6-nuq4-wudw","summary":"OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42429","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20432","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42429"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42429","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42429"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:09:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-4f8g-77mw-3rxc","reference_id":"GHSA-4f8g-77mw-3rxc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f8g-77mw-3rxc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc","reference_id":"GHSA-4f8g-77mw-3rxc","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:09:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication","reference_id":"openclaw-privilege-escalation-via-gateway-plugin-http-authentication","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:09:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42429","GHSA-4f8g-77mw-3rxc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfj6-nuq4-wudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359911?format=json","vulnerability_id":"VCID-cj2h-dvh1-1bhx","summary":"OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes\n## Summary\nSSH-based sandbox backends pass unsanitized process.env to child processes\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env forwarding, so lower to low.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `cfe14459531e002a1c61c27d97ec7dc8aecddc1f` — 2026-03-30T20:05:57+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-j9pv-rrcj-6pfx","reference_id":"GHSA-j9pv-rrcj-6pfx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j9pv-rrcj-6pfx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j9pv-rrcj-6pfx","reference_id":"GHSA-j9pv-rrcj-6pfx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j9pv-rrcj-6pfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-j9pv-rrcj-6pfx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj2h-dvh1-1bhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71864?format=json","vulnerability_id":"VCID-ckjx-441a-zqfx","summary":"OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35659","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00685","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35659"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35659","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35659"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569","reference_id":"deecf68b59a9b7eea978e40fd3c2fe543087b569","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"}],"url":"https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569"},{"reference_url":"https://github.com/advisories/GHSA-rvqr-hrcc-j9vv","reference_id":"GHSA-rvqr-hrcc-j9vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvqr-hrcc-j9vv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv","reference_id":"GHSA-rvqr-hrcc-j9vv","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery","reference_id":"openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35659","GHSA-rvqr-hrcc-j9vv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ckjx-441a-zqfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212776?format=json","vulnerability_id":"VCID-cqm7-wncz-z3ed","summary":"OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e27bbe4982439da6864160fd1b66445058f74801","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/e27bbe4982439da6864160fd1b66445058f74801"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-j425-whc4-4jgc","reference_id":"GHSA-j425-whc4-4jgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j425-whc4-4jgc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j425-whc4-4jgc","reference_id":"GHSA-j425-whc4-4jgc","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j425-whc4-4jgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-j425-whc4-4jgc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqm7-wncz-z3ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77440?format=json","vulnerability_id":"VCID-cqrj-mmkg-fkb1","summary":"OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32050","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32050"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669","reference_id":"2aa7842adeedef423be7ce283a9144b9f1a0a669","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:51:05Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32050","reference_id":"CVE-2026-32050","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32050"},{"reference_url":"https://github.com/advisories/GHSA-792q-qw95-f446","reference_id":"GHSA-792q-qw95-f446","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-792q-qw95-f446"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446","reference_id":"GHSA-792q-qw95-f446","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:51:05Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass","reference_id":"openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:51:05Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32050","GHSA-792q-qw95-f446"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqrj-mmkg-fkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65518?format=json","vulnerability_id":"VCID-crh9-tw4p-2bgr","summary":"OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43567","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10419","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43567"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63551","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63551"},{"reference_url":"https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a","reference_id":"635bb35b68d8faa5bfa2fda35feadd315122748a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"}],"url":"https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43567","reference_id":"CVE-2026-43567","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43567"},{"reference_url":"https://github.com/advisories/GHSA-jf25-7968-h2h5","reference_id":"GHSA-jf25-7968-h2h5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jf25-7968-h2h5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5","reference_id":"GHSA-jf25-7968-h2h5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter","reference_id":"openclaw-path-traversal-in-screen-record-outpath-parameter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43567","GHSA-jf25-7968-h2h5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crh9-tw4p-2bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212716?format=json","vulnerability_id":"VCID-cu3u-xqct-vqg6","summary":"OpenClaw: Sandboxed sessions_spawn(runtime=\"acp\") bypassed sandbox inheritance and allowed host ACP initialization","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ac11f0af731d41743ba02d8595f4d0fe747336e3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/ac11f0af731d41743ba02d8595f4d0fe747336e3"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c703aa0fe92df9fb71cf254fc46991e05fba2114","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/c703aa0fe92df9fb71cf254fc46991e05fba2114"},{"reference_url":"https://github.com/advisories/GHSA-474h-prjg-mmw3","reference_id":"GHSA-474h-prjg-mmw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-474h-prjg-mmw3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-474h-prjg-mmw3","reference_id":"GHSA-474h-prjg-mmw3","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-474h-prjg-mmw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["GHSA-474h-prjg-mmw3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cu3u-xqct-vqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65603?format=json","vulnerability_id":"VCID-d34s-z46v-gygk","summary":"OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43573","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43573"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/64370","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/64370"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43573","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43573"},{"reference_url":"https://github.com/openclaw/openclaw/commit/daeb74920d5ad986cb600625180037e23221e93a","reference_id":"daeb74920d5ad986cb600625180037e23221e93a","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"}],"url":"https://github.com/openclaw/openclaw/commit/daeb74920d5ad986cb600625180037e23221e93a"},{"reference_url":"https://github.com/advisories/GHSA-527m-976r-jf79","reference_id":"GHSA-527m-976r-jf79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-527m-976r-jf79"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79","reference_id":"GHSA-527m-976r-jf79","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes","reference_id":"openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43573","GHSA-527m-976r-jf79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d34s-z46v-gygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77155?format=json","vulnerability_id":"VCID-d5d6-s6qw-1bbf","summary":"OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32978","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17299","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32978"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32978","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32978"},{"reference_url":"https://github.com/advisories/GHSA-qc36-x95h-7j53","reference_id":"GHSA-qc36-x95h-7j53","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc36-x95h-7j53"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53","reference_id":"GHSA-qc36-x95h-7j53","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T14:30:21Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-unrecognized-script-runners","reference_id":"openclaw-approval-bypass-via-unrecognized-script-runners","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T14:30:21Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-unrecognized-script-runners"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32978","GHSA-qc36-x95h-7j53"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5d6-s6qw-1bbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71572?format=json","vulnerability_id":"VCID-d8dy-y1mu-bqgc","summary":"OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or reflection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35654","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.124","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35654"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c5415a474bb085404c20f8b312e436997977b1ea","reference_id":"c5415a474bb085404c20f8b312e436997977b1ea","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c5415a474bb085404c20f8b312e436997977b1ea"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35654","reference_id":"CVE-2026-35654","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35654"},{"reference_url":"https://github.com/advisories/GHSA-rf6h-5gpw-qrgq","reference_id":"GHSA-rf6h-5gpw-qrgq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf6h-5gpw-qrgq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq","reference_id":"GHSA-rf6h-5gpw-qrgq","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke","reference_id":"openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35654","GHSA-rf6h-5gpw-qrgq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8dy-y1mu-bqgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360150?format=json","vulnerability_id":"VCID-deuq-mfzr-d7c2","summary":"OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs\n### Summary\n`openclaw` versions `<= 2026.3.12` could include raw Telegram bot tokens in media fetch error strings when inbound Telegram media downloads failed.\n\n### Affected Packages / Versions\n- Package: `openclaw` (`npm`)\n- Affected versions: `<= 2026.3.12`\n- Fixed version: `2026.3.13`\n\n### Details\nThe vulnerable path was `fetchRemoteMedia()` in `src/media/fetch.ts`. In affected releases, fetch and HTTP error paths embedded the original Telegram file URL into `MediaFetchError` messages. For Telegram media, those URLs can include `/file/bot<TOKEN>/...`, so the resulting error strings could leak bot tokens into logs, console output, or any downstream error surface that rendered the exception text.\n\nThis issue is in scope under OpenClaw's trust model because the leaked secret is an OpenClaw-operated integration credential, not a user-supplied third-party secret.\n\n### Fix\n`openclaw@2026.3.13` redacts sensitive media URLs before constructing fetch error messages. Current code routes the source URL and follow-on error paths through `redactMediaUrl()` / `redactSensitiveText()`, so Telegram bot tokens are no longer emitted in those error strings.\n\nRegression coverage exists in `src/media/fetch.test.ts` (`redacts Telegram bot tokens from fetch failure messages` and `redacts Telegram bot tokens from HTTP error messages`).\n\n### Fix Commit(s)\n- `7a53eb7ea8295b08be137e231c9a98c1a79b5cd5`\n\nThanks @space08 for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-xwcj-hwhf-h378","reference_id":"GHSA-xwcj-hwhf-h378","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwcj-hwhf-h378"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcj-hwhf-h378","reference_id":"GHSA-xwcj-hwhf-h378","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcj-hwhf-h378"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374836?format=json","purl":"pkg:npm/openclaw@2026.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.13"}],"aliases":["GHSA-xwcj-hwhf-h378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deuq-mfzr-d7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360033?format=json","vulnerability_id":"VCID-djr4-azeh-mfap","summary":"OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure\n## Summary\n\nThe jq safe-bin policy blocked explicit `env` usage but still allowed jq programs that accessed environment data through `$ENV`.\n\n## Impact\n\nAn operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope.\n\n## Affected Component\n\n`src/infra/exec-safe-bin-semantics.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `78e2f3d66d` (`Exec: tighten jq safe-bin env checks`).\n\nThanks @nicky-cc  of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/78e2f3d66d74e5c7e6f45c54162e63986e39771b","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/78e2f3d66d74e5c7e6f45c54162e63986e39771b"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jccr-rrw2-vc8h","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jccr-rrw2-vc8h"},{"reference_url":"https://github.com/advisories/GHSA-jccr-rrw2-vc8h","reference_id":"GHSA-jccr-rrw2-vc8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jccr-rrw2-vc8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-jccr-rrw2-vc8h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djr4-azeh-mfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360122?format=json","vulnerability_id":"VCID-dnts-s9yw-5ydv","summary":"Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31989","reference_id":"CVE-2026-31989","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31989"},{"reference_url":"https://github.com/advisories/GHSA-44c9-4rg5-qjgq","reference_id":"GHSA-44c9-4rg5-qjgq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44c9-4rg5-qjgq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g","reference_id":"GHSA-g99v-8hwm-g76g","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g"}],"fixed_packages":[],"aliases":["GHSA-44c9-4rg5-qjgq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnts-s9yw-5ydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212728?format=json","vulnerability_id":"VCID-dnym-w1cd-9fdj","summary":"OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-xmv6-r34m-62p4","reference_id":"GHSA-xmv6-r34m-62p4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmv6-r34m-62p4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmv6-r34m-62p4","reference_id":"GHSA-xmv6-r34m-62p4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmv6-r34m-62p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-xmv6-r34m-62p4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnym-w1cd-9fdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76876?format=json","vulnerability_id":"VCID-dtrh-kmkq-r7hd","summary":"OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32054","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04081","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32054"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3","reference_id":"496a76c03ba85e15ea715e5a583e498ae04d36e3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:40:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32054","reference_id":"CVE-2026-32054","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32054"},{"reference_url":"https://github.com/advisories/GHSA-36h3-7c54-j27r","reference_id":"GHSA-36h3-7c54-j27r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36h3-7c54-j27r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r","reference_id":"GHSA-36h3-7c54-j27r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:40:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling","reference_id":"openclaw-symlink-traversal-in-browser-trace-download-path-handling","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:40:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32054","GHSA-36h3-7c54-j27r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtrh-kmkq-r7hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81026?format=json","vulnerability_id":"VCID-dtva-truu-4qac","summary":"OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver duplicate webhook messages to unintended targets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41402","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11329","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41402"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41402","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41402"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf","reference_id":"4d038bb242c11f39e45f6a4bde400e5fd42e4ebf","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf"},{"reference_url":"https://github.com/advisories/GHSA-hhq4-97c2-p447","reference_id":"GHSA-hhq4-97c2-p447","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhq4-97c2-p447"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hhq4-97c2-p447","reference_id":"GHSA-hhq4-97c2-p447","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hhq4-97c2-p447"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-cache-cross-target-messageid-scope-bypass","reference_id":"openclaw-webhook-replay-cache-cross-target-messageid-scope-bypass","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-cache-cross-target-messageid-scope-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41402","GHSA-hhq4-97c2-p447"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtva-truu-4qac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360144?format=json","vulnerability_id":"VCID-duqg-y513-2bd2","summary":"Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xf99-j42q-5w5p. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32979","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32979"},{"reference_url":"https://github.com/advisories/GHSA-wmgj-hrx3-23gj","reference_id":"GHSA-wmgj-hrx3-23gj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmgj-hrx3-23gj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p","reference_id":"GHSA-xf99-j42q-5w5p","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-wmgj-hrx3-23gj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duqg-y513-2bd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=json","vulnerability_id":"VCID-dvr7-ug54-1fcj","summary":"OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32055","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2631","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32055"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32055","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32055"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1aef45bc060b28a0af45a67dc66acd36aef763c9","reference_id":"1aef45bc060b28a0af45a67dc66acd36aef763c9","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:20:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1aef45bc060b28a0af45a67dc66acd36aef763c9"},{"reference_url":"https://github.com/openclaw/openclaw/commit/46eba86b45e9db05b7b792e914c4fe0de1b40a23","reference_id":"46eba86b45e9db05b7b792e914c4fe0de1b40a23","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:20:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/46eba86b45e9db05b7b792e914c4fe0de1b40a23"},{"reference_url":"https://github.com/advisories/GHSA-mgrq-9f93-wpp5","reference_id":"GHSA-mgrq-9f93-wpp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgrq-9f93-wpp5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5","reference_id":"GHSA-mgrq-9f93-wpp5","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:20:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-workspace-path-boundary-bypass-via-non-existent-symlink","reference_id":"openclaw-workspace-path-boundary-bypass-via-non-existent-symlink","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:20:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-workspace-path-boundary-bypass-via-non-existent-symlink"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32055","GHSA-mgrq-9f93-wpp5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvr7-ug54-1fcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212688?format=json","vulnerability_id":"VCID-dxpt-cg6z-17am","summary":"OpenClaw: Sandbox media TOCTOU could read files outside sandbox root","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-7xmq-g46g-f8pv","reference_id":"GHSA-7xmq-g46g-f8pv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xmq-g46g-f8pv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7xmq-g46g-f8pv","reference_id":"GHSA-7xmq-g46g-f8pv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7xmq-g46g-f8pv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["GHSA-7xmq-g46g-f8pv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxpt-cg6z-17am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212715?format=json","vulnerability_id":"VCID-e1s7-q6qr-4fbc","summary":"OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28483","reference_id":"CVE-2026-28483","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28483"},{"reference_url":"https://github.com/advisories/GHSA-r54r-wmmq-mh84","reference_id":"GHSA-r54r-wmmq-mh84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r54r-wmmq-mh84"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r54r-wmmq-mh84","reference_id":"GHSA-r54r-wmmq-mh84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r54r-wmmq-mh84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-28483","GHSA-r54r-wmmq-mh84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1s7-q6qr-4fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67782?format=json","vulnerability_id":"VCID-e327-pu9e-x7gh","summary":"OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0842","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2","reference_id":"31160dc069b7cc5d833b39c53736a41ad3befda2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2"},{"reference_url":"https://github.com/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_id":"openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44997","GHSA-q3jj-46pq-826r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e327-pu9e-x7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359872?format=json","vulnerability_id":"VCID-e351-abpr-7fhx","summary":"Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-fvx6-pj3r-5q4q. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34425","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34425"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q","reference_id":"GHSA-fvx6-pj3r-5q4q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q"},{"reference_url":"https://github.com/advisories/GHSA-rf75-g96h-j3rm","reference_id":"GHSA-rf75-g96h-j3rm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf75-g96h-j3rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["GHSA-rf75-g96h-j3rm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e351-abpr-7fhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360110?format=json","vulnerability_id":"VCID-e6cf-mh6h-pqgn","summary":"OpenClaw SSRF guard misses four IPv6 special-use ranges\n## Summary\n\nThe SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed.\n\n## Impact\n\nAn attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard.\n\n## Affected Component\n\n`src/shared/net/ip.ts, src/infra/net/ssrf.*`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `d61f8e5672` (`Net: block missing IPv6 special-use ranges`).\n\nOpenClaw thanks @nicky-cc  of Tencent zhuque Lab [https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d61f8e56723e03573b847422468d99c44c26e34f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/d61f8e56723e03573b847422468d99c44c26e34f"},{"reference_url":"https://github.com/advisories/GHSA-g86v-f9qv-rh6m","reference_id":"GHSA-g86v-f9qv-rh6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g86v-f9qv-rh6m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m","reference_id":"GHSA-g86v-f9qv-rh6m","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-g86v-f9qv-rh6m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6cf-mh6h-pqgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359800?format=json","vulnerability_id":"VCID-e6q6-e2my-gfce","summary":"OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read\n## Summary\nOpenClaw <= 2026.3.24 Media Parsing Path Traversal to Arbitrary File Read\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `4797bbc5b96e2cca5532e43b58915c051746fe37` — 2026-03-25T13:35:16-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-f6pf-4gjx-c94r","reference_id":"GHSA-f6pf-4gjx-c94r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6pf-4gjx-c94r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r","reference_id":"GHSA-f6pf-4gjx-c94r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-f6pf-4gjx-c94r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6q6-e2my-gfce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80750?format=json","vulnerability_id":"VCID-e84v-kdtb-5ycs","summary":"OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41381","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41381"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41381","reference_id":"CVE-2026-41381","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41381"},{"reference_url":"https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759","reference_id":"dba96e7507e0900f120e5e28e57755d69bf78759","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"}],"url":"https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759"},{"reference_url":"https://github.com/advisories/GHSA-cqgw-44wg-44rf","reference_id":"GHSA-cqgw-44wg-44rf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cqgw-44wg-44rf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cqgw-44wg-44rf","reference_id":"GHSA-cqgw-44wg-44rf","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cqgw-44wg-44rf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist","reference_id":"openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41381","GHSA-cqgw-44wg-44rf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e84v-kdtb-5ycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67649?format=json","vulnerability_id":"VCID-e8sz-63dk-tfbs","summary":"OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09004","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_id":"2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882"},{"reference_url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_id":"995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f"},{"reference_url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_id":"openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374221?format=json","purl":"pkg:npm/openclaw@2026.4.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.21"}],"aliases":["CVE-2026-44991","GHSA-c28g-vh7m-fm7v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8sz-63dk-tfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65588?format=json","vulnerability_id":"VCID-eaeg-e381-nyh5","summary":"OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43533","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.2024","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43533"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63271","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63271"},{"reference_url":"https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c702c6","reference_id":"604777e4414cc3b2ff8861f18f4fb04374c702c6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"}],"url":"https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c702c6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43533","reference_id":"CVE-2026-43533","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43533"},{"reference_url":"https://github.com/advisories/GHSA-66r7-m7xm-v49h","reference_id":"GHSA-66r7-m7xm-v49h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66r7-m7xm-v49h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h","reference_id":"GHSA-66r7-m7xm-v49h","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqbot-media-tags","reference_id":"openclaw-arbitrary-local-file-read-via-qqbot-media-tags","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqbot-media-tags"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43533","GHSA-66r7-m7xm-v49h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaeg-e381-nyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212779?format=json","vulnerability_id":"VCID-ed19-ejju-v3c7","summary":"OpenClaw: `operator.write` chat.send could reach admin-only config writes","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5f8f58ae25e2a78f31b06edcf26532d634ca554e","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/5f8f58ae25e2a78f31b06edcf26532d634ca554e"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-hfpr-jhpq-x4rm","reference_id":"GHSA-hfpr-jhpq-x4rm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hfpr-jhpq-x4rm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hfpr-jhpq-x4rm","reference_id":"GHSA-hfpr-jhpq-x4rm","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hfpr-jhpq-x4rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-hfpr-jhpq-x4rm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed19-ejju-v3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80632?format=json","vulnerability_id":"VCID-ed61-sus3-3yh9","summary":"OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41376","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04394","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41376"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41376","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41376"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8a563d603b70ef6338915f0527bee87282c3bad5","reference_id":"8a563d603b70ef6338915f0527bee87282c3bad5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8a563d603b70ef6338915f0527bee87282c3bad5"},{"reference_url":"https://github.com/advisories/GHSA-rg8m-3943-vm6q","reference_id":"GHSA-rg8m-3943-vm6q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg8m-3943-vm6q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rg8m-3943-vm6q","reference_id":"GHSA-rg8m-3943-vm6q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rg8m-3943-vm6q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation","reference_id":"openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41376","GHSA-rg8m-3943-vm6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed61-sus3-3yh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360432?format=json","vulnerability_id":"VCID-eefn-gpc1-mfdx","summary":"OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["GHSA-cwj3-vqpp-pmxr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eefn-gpc1-mfdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359834?format=json","vulnerability_id":"VCID-eju9-rz5x-1bbk","summary":"Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34511","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34511"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf","reference_id":"GHSA-9jpj-g8vv-j5mf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"},{"reference_url":"https://github.com/advisories/GHSA-ch86-pxr9-j9h9","reference_id":"GHSA-ch86-pxr9-j9h9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch86-pxr9-j9h9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["GHSA-ch86-pxr9-j9h9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eju9-rz5x-1bbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360073?format=json","vulnerability_id":"VCID-emy9-ceb6-vfba","summary":"OpneClaw accepts unsanitized iMessage attachment paths which allowed SCP remote-path command injection\n### Summary\n`openclaw` versions `<= 2026.3.12` accepted unsanitized iMessage remote attachment paths when staging files over SCP, allowing shell metacharacters in the remote path operand.\n\n### Affected Packages / Versions\n- Package: `openclaw` (`npm`)\n- Affected versions: `<= 2026.3.12`\n- Fixed version: `2026.3.13`\n\n### Details\nThe vulnerable path was the remote attachment staging flow in `src/auto-reply/reply/stage-sandbox-media.ts`. When `ctx.MediaRemoteHost` was set, OpenClaw staged the attachment by spawning `/usr/bin/scp` against `<remoteHost>:<remotePath>`. In affected releases, the remote host was normalized but the remote attachment path was not validated for shell metacharacters before being passed to the SCP remote operand. A sender-controlled iMessage attachment filename containing shell metacharacters could therefore trigger command execution on the configured remote host when remote attachment staging was enabled.\n\nThis issue is in scope under OpenClaw's trust model because it crosses an inbound content boundary into host command execution on a configured remote attachment host.\n\n### Fix\n`openclaw@2026.3.13` validates the SCP remote path before spawning `scp`. Current code calls `normalizeScpRemotePath(...)` and rejects paths containing shell metacharacters instead of passing them through to the remote shell.\n\nRegression coverage exists in `src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts` (`rejects remote attachment filenames with shell metacharacters before spawning scp`).\n\n### Fix Commit(s)\n- `a54bf71b4c0cbe554a84340b773df37ee8e959de`\n\nThanks @lintsinghua for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-g2f6-pwvx-r275","reference_id":"GHSA-g2f6-pwvx-r275","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g2f6-pwvx-r275"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275","reference_id":"GHSA-g2f6-pwvx-r275","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374836?format=json","purl":"pkg:npm/openclaw@2026.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.13"}],"aliases":["GHSA-g2f6-pwvx-r275"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emy9-ceb6-vfba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71792?format=json","vulnerability_id":"VCID-epaf-29e7-kue8","summary":"OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35668","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1702","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35668"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35668","reference_id":"CVE-2026-35668","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35668"},{"reference_url":"https://github.com/advisories/GHSA-hr5v-j9h9-xjhg","reference_id":"GHSA-hr5v-j9h9-xjhg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hr5v-j9h9-xjhg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg","reference_id":"GHSA-hr5v-j9h9-xjhg","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:26:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters","reference_id":"openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:26:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35668","GHSA-hr5v-j9h9-xjhg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epaf-29e7-kue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212750?format=json","vulnerability_id":"VCID-es6n-25j9-jqfe","summary":"OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e"},{"reference_url":"https://github.com/advisories/GHSA-3jx4-q2m7-r496","reference_id":"GHSA-3jx4-q2m7-r496","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3jx4-q2m7-r496"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496","reference_id":"GHSA-3jx4-q2m7-r496","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-3jx4-q2m7-r496"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-es6n-25j9-jqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69175?format=json","vulnerability_id":"VCID-esfn-atcn-aygd","summary":"OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28449","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28449"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28449","reference_id":"CVE-2026-28449","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28449"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d512163d686ad6741783e7119ddb3437f493dbbc","reference_id":"d512163d686ad6741783e7119ddb3437f493dbbc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:35:06Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d512163d686ad6741783e7119ddb3437f493dbbc"},{"reference_url":"https://github.com/advisories/GHSA-r9q5-c7qc-p26w","reference_id":"GHSA-r9q5-c7qc-p26w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r9q5-c7qc-p26w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w","reference_id":"GHSA-r9q5-c7qc-p26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:35:06Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-attack-via-missing-durable-replay-suppression","reference_id":"openclaw-webhook-replay-attack-via-missing-durable-replay-suppression","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:35:06Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-attack-via-missing-durable-replay-suppression"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-28449","GHSA-r9q5-c7qc-p26w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esfn-atcn-aygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71757?format=json","vulnerability_id":"VCID-esfq-5qft-rqf2","summary":"OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35639","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5449","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35639"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35639","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35639"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4","reference_id":"fc2d29ea926f47c428c556e92ec981441228d2a4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"},{"reference_url":"https://github.com/advisories/GHSA-hf68-49fm-59cq","reference_id":"GHSA-hf68-49fm-59cq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hf68-49fm-59cq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq","reference_id":"GHSA-hf68-49fm-59cq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation","reference_id":"openclaw-privilege-escalation-via-device-pair-approve-scope-validation","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35639","GHSA-hf68-49fm-59cq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esfq-5qft-rqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80760?format=json","vulnerability_id":"VCID-esve-n4ww-rudc","summary":"OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41377","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11687","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41377"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/0d7f1e2c84eca65df7dee890d9c30e2a841c030a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/0d7f1e2c84eca65df7dee890d9c30e2a841c030a"},{"reference_url":"https://github.com/openclaw/openclaw/44b993613601280d46a5b88190e46669fc13d669","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/44b993613601280d46a5b88190e46669fc13d669"},{"reference_url":"https://github.com/openclaw/openclaw/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41377","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41377"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a","reference_id":"0d7f1e2c84eca65df7dee890d9c30e2a841c030a","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a"},{"reference_url":"https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669","reference_id":"44b993613601280d46a5b88190e46669fc13d669","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916","reference_id":"7a953a52271b9188a5fa830739a4366614ff9916","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916"},{"reference_url":"https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68","reference_id":"bf96c67fd1954740aeabfadc7cfe3098bcfc6b68","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68"},{"reference_url":"https://github.com/advisories/GHSA-cwq8-6f96-g3q4","reference_id":"GHSA-cwq8-6f96-g3q4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwq8-6f96-g3q4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4","reference_id":"GHSA-cwq8-6f96-g3q4","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation","reference_id":"openclaw-fail-open-security-scan-bypass-in-plugin-installation","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41377","GHSA-cwq8-6f96-g3q4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esve-n4ww-rudc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212685?format=json","vulnerability_id":"VCID-eu95-x34h-5bhb","summary":"OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32066","reference_id":"CVE-2026-32066","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32066"},{"reference_url":"https://github.com/advisories/GHSA-wr6m-jg37-68xh","reference_id":"GHSA-wr6m-jg37-68xh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr6m-jg37-68xh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wr6m-jg37-68xh","reference_id":"GHSA-wr6m-jg37-68xh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wr6m-jg37-68xh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["CVE-2026-32066","GHSA-wr6m-jg37-68xh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu95-x34h-5bhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360143?format=json","vulnerability_id":"VCID-f19h-hsfh-n3a7","summary":"Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32065","reference_id":"CVE-2026-32065","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32065"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq","reference_id":"GHSA-hwpq-rrpf-pgcq","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq"},{"reference_url":"https://github.com/advisories/GHSA-mxmg-3p7m-2ghr","reference_id":"GHSA-mxmg-3p7m-2ghr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxmg-3p7m-2ghr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-mxmg-3p7m-2ghr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f19h-hsfh-n3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65528?format=json","vulnerability_id":"VCID-f22e-sy58-g7fb","summary":"OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43569","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29996","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43569"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/62368","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/62368"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43569","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43569"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d","reference_id":"2d97eae53e212ae26f3aebcd6a50ffc6877f770d","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d"},{"reference_url":"https://github.com/advisories/GHSA-939r-rj45-g2rj","reference_id":"GHSA-939r-rj45-g2rj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-939r-rj45-g2rj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj","reference_id":"GHSA-939r-rj45-g2rj","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth","reference_id":"openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373416?format=json","purl":"pkg:npm/openclaw@2026.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-bdss-ct5q-cyak"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vbfg-fz5c-9yde"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"}],"aliases":["CVE-2026-43569","GHSA-939r-rj45-g2rj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f22e-sy58-g7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360088?format=json","vulnerability_id":"VCID-f273-e6zd-cqbx","summary":"Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-hff7-ccv5-52f8. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32045","reference_id":"CVE-2026-32045","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32045"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hff7-ccv5-52f8","reference_id":"GHSA-hff7-ccv5-52f8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hff7-ccv5-52f8"},{"reference_url":"https://github.com/advisories/GHSA-qwmf-95r9-gx9x","reference_id":"GHSA-qwmf-95r9-gx9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwmf-95r9-gx9x"}],"fixed_packages":[],"aliases":["GHSA-qwmf-95r9-gx9x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f273-e6zd-cqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212686?format=json","vulnerability_id":"VCID-f456-fjce-9bcz","summary":"OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-8m9v-xpgf-g99m","reference_id":"GHSA-8m9v-xpgf-g99m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m9v-xpgf-g99m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8m9v-xpgf-g99m","reference_id":"GHSA-8m9v-xpgf-g99m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8m9v-xpgf-g99m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["GHSA-8m9v-xpgf-g99m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f456-fjce-9bcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75183?format=json","vulnerability_id":"VCID-f5q3-7bm2-1kgw","summary":"OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34504","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17917","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34504"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34504","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34504"},{"reference_url":"https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928","reference_id":"80d1e8a11a2ac118c7f7a70bba9c862b6141d928","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928"},{"reference_url":"https://github.com/advisories/GHSA-qxgf-hmcj-3xw3","reference_id":"GHSA-qxgf-hmcj-3xw3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxgf-hmcj-3xw3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3","reference_id":"GHSA-qxgf-hmcj-3xw3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider","reference_id":"openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-34504","GHSA-qxgf-hmcj-3xw3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5q3-7bm2-1kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70371?format=json","vulnerability_id":"VCID-f925-x5qa-buav","summary":"OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42439","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42439"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/48c03479211799ec3c1305ad69037cea25ba0e1e","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/48c03479211799ec3c1305ad69037cea25ba0e1e"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63332","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42439","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42439"},{"reference_url":"https://github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3","reference_id":"48c0347921b7e9438af0312968fc360ca88023f3","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"}],"url":"https://github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3"},{"reference_url":"https://github.com/advisories/GHSA-rj2p-j66c-mgqh","reference_id":"GHSA-rj2p-j66c-mgqh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj2p-j66c-mgqh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh","reference_id":"GHSA-rj2p-j66c-mgqh","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes","reference_id":"openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-42439","GHSA-rj2p-j66c-mgqh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f925-x5qa-buav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70622?format=json","vulnerability_id":"VCID-f95y-gnx3-wydp","summary":"OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner message-tool runs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42433","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09834","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42433"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/62662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/62662"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42433","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42433"},{"reference_url":"https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54","reference_id":"fe0f686c9228fffcec6de4011da45e69a6e23e54","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"}],"url":"https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54"},{"reference_url":"https://github.com/advisories/GHSA-7jp6-r74r-995q","reference_id":"GHSA-7jp6-r74r-995q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jp6-r74r-995q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q","reference_id":"GHSA-7jp6-r74r-995q","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools","reference_id":"openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-42433","GHSA-7jp6-r74r-995q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f95y-gnx3-wydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76891?format=json","vulnerability_id":"VCID-f97e-xtcp-eqfe","summary":"OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in mixed-trust channels.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32035","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12496","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32035"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32035","reference_id":"CVE-2026-32035","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32035"},{"reference_url":"https://github.com/advisories/GHSA-wpg9-4g4v-f9rc","reference_id":"GHSA-wpg9-4g4v-f9rc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpg9-4g4v-f9rc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wpg9-4g4v-f9rc","reference_id":"GHSA-wpg9-4g4v-f9rc","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:54:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wpg9-4g4v-f9rc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-owner-flag-validation-in-discord-voice-transcript-handler","reference_id":"openclaw-missing-owner-flag-validation-in-discord-voice-transcript-handler","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:54:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-owner-flag-validation-in-discord-voice-transcript-handler"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-32035","GHSA-wpg9-4g4v-f9rc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f97e-xtcp-eqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70438?format=json","vulnerability_id":"VCID-fcfw-yctj-v3cy","summary":"OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and PS4, affecting execution semantics and security controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42435","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31188","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42435"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/65717","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/65717"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab","reference_id":"8f8492d172f4c5b4fd7dd9a47855ed620c8770ab","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42435","reference_id":"CVE-2026-42435","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42435"},{"reference_url":"https://github.com/advisories/GHSA-j6c7-3h5x-99g9","reference_id":"GHSA-j6c7-3h5x-99g9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6c7-3h5x-99g9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9","reference_id":"GHSA-j6c7-3h5x-99g9","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection","reference_id":"openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373522?format=json","purl":"pkg:npm/openclaw@2026.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"}],"aliases":["CVE-2026-42435","GHSA-j6c7-3h5x-99g9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcfw-yctj-v3cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69771?format=json","vulnerability_id":"VCID-fgkb-fmuq-wffh","summary":"OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious extensions/<plugin>/setup-api.js file in a repository and convincing a user to run OpenClaw commands from that directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02795","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_id":"993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707"},{"reference_url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_id":"openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45004","GHSA-r39h-4c2p-3jxp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgkb-fmuq-wffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77100?format=json","vulnerability_id":"VCID-fgvc-92pj-h3c1","summary":"OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32979","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15715","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32979"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32979","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32979"},{"reference_url":"https://github.com/advisories/GHSA-xf99-j42q-5w5p","reference_id":"GHSA-xf99-j42q-5w5p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf99-j42q-5w5p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p","reference_id":"GHSA-xf99-j42q-5w5p","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T12:49:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval","reference_id":"openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T12:49:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32979","GHSA-xf99-j42q-5w5p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgvc-92pj-h3c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212721?format=json","vulnerability_id":"VCID-fvrb-5u2m-13eg","summary":"OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-553v-f69r-656j","reference_id":"GHSA-553v-f69r-656j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-553v-f69r-656j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j","reference_id":"GHSA-553v-f69r-656j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-553v-f69r-656j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvrb-5u2m-13eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359840?format=json","vulnerability_id":"VCID-fzag-upa9-n7cr","summary":"OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses\n## Summary\nSandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Released workspace-only apply_patch remove and mkdir operations were still check-then-act, but the draft overstates scope by bundling broader edit paths; keep it open but narrow it to the actual sandbox-workspace mutation boundary.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `32a4a47d602e0618f87b3e59f94d8c142767f860` — 2026-03-30T16:49:49+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-rm5c-4rmf-vvhw","reference_id":"GHSA-rm5c-4rmf-vvhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm5c-4rmf-vvhw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm5c-4rmf-vvhw","reference_id":"GHSA-rm5c-4rmf-vvhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm5c-4rmf-vvhw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-rm5c-4rmf-vvhw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzag-upa9-n7cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360178?format=json","vulnerability_id":"VCID-g2hf-mzjs-2fbn","summary":"Duplicate Advisory: OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hc5h-pmr3-3497. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33579","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33579"},{"reference_url":"https://github.com/advisories/GHSA-f275-5h5c-5wg5","reference_id":"GHSA-f275-5h5c-5wg5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f275-5h5c-5wg5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497","reference_id":"GHSA-hc5h-pmr3-3497","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-f275-5h5c-5wg5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2hf-mzjs-2fbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77388?format=json","vulnerability_id":"VCID-g7fp-6gzk-83gk","summary":"OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities without explicit groupAllowFrom membership to bypass group sender authorization checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32006","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17246","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32006"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4"},{"reference_url":"https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9","reference_id":"051fdcc428129446e7c084260f837b7284279ce9","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:02:17Z/"}],"url":"https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32006","reference_id":"CVE-2026-32006","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32006"},{"reference_url":"https://github.com/advisories/GHSA-25pw-4h6w-qwvm","reference_id":"GHSA-25pw-4h6w-qwvm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25pw-4h6w-qwvm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25pw-4h6w-qwvm","reference_id":"GHSA-25pw-4h6w-qwvm","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:02:17Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25pw-4h6w-qwvm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-fallback-in-group-allowlist","reference_id":"openclaw-authorization-bypass-via-dm-pairing-store-fallback-in-group-allowlist","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:02:17Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-fallback-in-group-allowlist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32006","GHSA-25pw-4h6w-qwvm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7fp-6gzk-83gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360126?format=json","vulnerability_id":"VCID-g8k6-3qev-v7ga","summary":"OpenClaw's Zalouser allowlist authorization matched mutable group names by default\n### Summary\n\nOpenClaw's Zalouser allowlist mode accepted mutable group names and normalized slugs as authorization matches instead of requiring stable group IDs. In deployments that used name-based `channels.zalouser.groups` entries together with permissive sender allowlists, a different group could be accepted by reusing the same display name as an allowlisted group.\n\n### Impact\n\nThis weakened channel authorization for Zalouser group routing and could allow messages from an unintended group to reach the agent when operators relied on group names instead of stable IDs.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.11`\n\n### Patch\n\nFixed in `openclaw` `2026.3.12`. Allowlist authorization now matches stable group identifiers, and users should update to `2026.3.12` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/advisories/GHSA-f5mf-3r52-r83w","reference_id":"GHSA-f5mf-3r52-r83w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f5mf-3r52-r83w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w","reference_id":"GHSA-f5mf-3r52-r83w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-f5mf-3r52-r83w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8k6-3qev-v7ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80745?format=json","vulnerability_id":"VCID-gd62-paxx-abgy","summary":"OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through config reload operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41916","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25115","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41916"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41916","reference_id":"CVE-2026-41916","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41916"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:00:46Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-68x5-xx89-w9mm","reference_id":"GHSA-68x5-xx89-w9mm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68x5-xx89-w9mm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68x5-xx89-w9mm","reference_id":"GHSA-68x5-xx89-w9mm","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:00:46Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68x5-xx89-w9mm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-stale-authentication-state-via-config-reload","reference_id":"openclaw-stale-authentication-state-via-config-reload","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:00:46Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-stale-authentication-state-via-config-reload"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41916","GHSA-68x5-xx89-w9mm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd62-paxx-abgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80056?format=json","vulnerability_id":"VCID-ggpx-kfke-xfhr","summary":"OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27545","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08605","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27545"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013bed60b","reference_id":"4b4718c8dfce2e2c48404aa5088af7c013bed60b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013bed60b"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc5190dbda","reference_id":"4e690e09c746408b5e27617a20cb3fdc5190dbda","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc5190dbda"},{"reference_url":"https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a340c1","reference_id":"78a7ff2d50fb3bcef351571cb5a0f21430a340c1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a340c1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27545","reference_id":"CVE-2026-27545","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27545"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21abb0a7","reference_id":"d06632ba45a8482192792c55d5ff0b2e21abb0a7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21abb0a7"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677aff26","reference_id":"d82c042b09727a6148f3ca651b254c4a677aff26","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677aff26"},{"reference_url":"https://github.com/advisories/GHSA-f7ww-2725-qvw2","reference_id":"GHSA-f7ww-2725-qvw2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7ww-2725-qvw2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f7ww-2725-qvw2","reference_id":"GHSA-f7ww-2725-qvw2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f7ww-2725-qvw2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-parent-symlink-current-working-directory-rebind","reference_id":"openclaw-approval-bypass-via-parent-symlink-current-working-directory-rebind","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:01:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-parent-symlink-current-working-directory-rebind"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-27545","GHSA-f7ww-2725-qvw2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggpx-kfke-xfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359253?format=json","vulnerability_id":"VCID-gh64-hwfz-p3ep","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41380","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08327","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41380"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9ec44fad390f0bc1c29c3cc418b322560cb0222b","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/9ec44fad390f0bc1c29c3cc418b322560cb0222b"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41380","reference_id":"CVE-2026-41380","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41380"},{"reference_url":"https://github.com/advisories/GHSA-p4x4-2r7f-wjxg","reference_id":"GHSA-p4x4-2r7f-wjxg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4x4-2r7f-wjxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41380","GHSA-p4x4-2r7f-wjxg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh64-hwfz-p3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360025?format=json","vulnerability_id":"VCID-gtx5-qd3p-cyd2","summary":"Duplicate Advisory: OpenClaw: Zalo webhook rate limiting could be bypassed before secret validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5m9r-p9g7-679c. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling systematic secret guessing and subsequent forged webhook submission.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34505","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34505"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c","reference_id":"GHSA-5m9r-p9g7-679c","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c"},{"reference_url":"https://github.com/advisories/GHSA-cxfr-3qp8-hpmw","reference_id":"GHSA-cxfr-3qp8-hpmw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxfr-3qp8-hpmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-cxfr-3qp8-hpmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtx5-qd3p-cyd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77350?format=json","vulnerability_id":"VCID-gyeu-sff6-vfgb","summary":"OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32921","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20431","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32921"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32921"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240","reference_id":"c76d29208bf6a7f058d2cf582519d28069e42240","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T12:25:07Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91","reference_id":"cf3a479bd1204f62eef7dd82b4aa328749ae6c91","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T12:25:07Z/"}],"url":"https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91"},{"reference_url":"https://github.com/advisories/GHSA-8g75-q649-6pv6","reference_id":"GHSA-8g75-q649-6pv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g75-q649-6pv6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6","reference_id":"GHSA-8g75-q649-6pv6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T12:25:07Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-script-content-modification-via-mutable-operand-binding-in-system-run","reference_id":"openclaw-script-content-modification-via-mutable-operand-binding-in-system-run","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T12:25:07Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-script-content-modification-via-mutable-operand-binding-in-system-run"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["CVE-2026-32921","GHSA-8g75-q649-6pv6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyeu-sff6-vfgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360161?format=json","vulnerability_id":"VCID-h35e-at78-gban","summary":"Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-jj82-76v6-933r. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27566","reference_id":"CVE-2026-27566","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27566"},{"reference_url":"https://github.com/advisories/GHSA-3846-mfvc-xwpf","reference_id":"GHSA-3846-mfvc-xwpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3846-mfvc-xwpf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jj82-76v6-933r","reference_id":"GHSA-jj82-76v6-933r","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jj82-76v6-933r"}],"fixed_packages":[],"aliases":["GHSA-3846-mfvc-xwpf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h35e-at78-gban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81072?format=json","vulnerability_id":"VCID-h5h5-c9az-4be3","summary":"OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41396","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02637","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41396"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41396","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41396"},{"reference_url":"https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289","reference_id":"330a9f98cb29c79b1c16a2117e03d6276a0d6289","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"}],"url":"https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"},{"reference_url":"https://github.com/advisories/GHSA-qcj9-wwgw-6gm8","reference_id":"GHSA-qcj9-wwgw-6gm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcj9-wwgw-6gm8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8","reference_id":"GHSA-qcj9-wwgw-6gm8","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root","reference_id":"openclaw-environment-variable-override-of-plugin-trust-root","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41396","GHSA-qcj9-wwgw-6gm8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5h5-c9az-4be3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75226?format=json","vulnerability_id":"VCID-h6wv-azua-wkgw","summary":"OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34425","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34425"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34425","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34425"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513","reference_id":"8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513"},{"reference_url":"https://github.com/advisories/GHSA-fvx6-pj3r-5q4q","reference_id":"GHSA-fvx6-pj3r-5q4q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvx6-pj3r-5q4q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q","reference_id":"GHSA-fvx6-pj3r-5q4q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass","reference_id":"openclaw-shell-bleed-protection-preflight-validation-bypass","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-34425","GHSA-fvx6-pj3r-5q4q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6wv-azua-wkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74642?format=json","vulnerability_id":"VCID-h77b-c2kq-8kej","summary":"OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34511","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13138","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34511"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34511","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34511"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f","reference_id":"a26f4d0f3ef0757db6c6c40277cc06a5de76c52f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"},{"reference_url":"https://github.com/advisories/GHSA-9jpj-g8vv-j5mf","reference_id":"GHSA-9jpj-g8vv-j5mf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jpj-g8vv-j5mf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf","reference_id":"GHSA-9jpj-g8vv-j5mf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter","reference_id":"openclaw-pkce-verifier-exposure-via-oauth-state-parameter","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-34511","GHSA-9jpj-g8vv-j5mf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h77b-c2kq-8kej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65597?format=json","vulnerability_id":"VCID-h78a-py8h-ekgj","summary":"OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can exploit this by manipulating these environment variables to influence downstream execution behavior or network connectivity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43584","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33695","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43584"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43584","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43584"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2d126fc62343a7b6895351f96e4e1474bc358140","reference_id":"2d126fc62343a7b6895351f96e4e1474bc358140","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2d126fc62343a7b6895351f96e4e1474bc358140"},{"reference_url":"https://github.com/advisories/GHSA-vfp4-8x56-j7c5","reference_id":"GHSA-vfp4-8x56-j7c5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfp4-8x56-j7c5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5","reference_id":"GHSA-vfp4-8x56-j7c5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-denylist-in-exec-policy","reference_id":"openclaw-insufficient-environment-variable-denylist-in-exec-policy","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-denylist-in-exec-policy"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43584","GHSA-vfp4-8x56-j7c5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h78a-py8h-ekgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359785?format=json","vulnerability_id":"VCID-hbkd-8rx2-4qb8","summary":"OpenClaw: Agent gateway config mutations could change protected operator settings\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe agent-facing `gateway config.patch` / `config.apply` guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool could persist changes to those settings.\n\nThis is a model-to-operator guard bypass, not a remote unauthenticated gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks model-driven gateway config mutations for the broader operator-trusted path set and covers per-agent overrides and array-entry patching.\n\nFix commit:\n\n- `fe30b31a97a917ecc6e92f6c85378b6b20352422`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-7jm2-g593-4qrc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbkd-8rx2-4qb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359258?format=json","vulnerability_id":"VCID-hh2g-pzbh-13ax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41406","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41406"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f45e5a6569aab1d58cc6de25b19f1dc4c8779b85","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/f45e5a6569aab1d58cc6de25b19f1dc4c8779b85"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-877v-w3f5-3pcq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-877v-w3f5-3pcq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41406","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41406"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-thread-history-and-quoted-messages","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-thread-history-and-quoted-messages"},{"reference_url":"https://github.com/advisories/GHSA-877v-w3f5-3pcq","reference_id":"GHSA-877v-w3f5-3pcq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-877v-w3f5-3pcq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41406","GHSA-877v-w3f5-3pcq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hh2g-pzbh-13ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360092?format=json","vulnerability_id":"VCID-hpwn-wgb8-xbh4","summary":"OpenClaw: Gateway `agent` calls could override the workspace boundary\n### Summary\n\nThe public gateway `agent` RPC allowed an authenticated operator with `operator.write` to supply attacker-controlled `spawnedBy` and `workspaceDir` values. That let the caller re-root the agent run outside its configured workspace boundary.\n\n### Impact\n\nA non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.8`\n\n### Patch\n\nFixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-2rqg-gjgv-84jm","reference_id":"GHSA-2rqg-gjgv-84jm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rqg-gjgv-84jm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm","reference_id":"GHSA-2rqg-gjgv-84jm","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-2rqg-gjgv-84jm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpwn-wgb8-xbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80877?format=json","vulnerability_id":"VCID-hrnb-5t6m-jkaq","summary":"OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41910","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25118","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41910"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41910","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41910"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-vc32-h5mq-453v","reference_id":"GHSA-vc32-h5mq-453v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vc32-h5mq-453v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vc32-h5mq-453v","reference_id":"GHSA-vc32-h5mq-453v","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vc32-h5mq-453v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-owner-only-enforcement-in-allowlist-cross-channel-writes","reference_id":"openclaw-missing-owner-only-enforcement-in-allowlist-cross-channel-writes","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-owner-only-enforcement-in-allowlist-cross-channel-writes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41910","GHSA-vc32-h5mq-453v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrnb-5t6m-jkaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77592?format=json","vulnerability_id":"VCID-hvg4-uvx3-mbg2","summary":"OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway process permissions, potentially enabling code execution through file overwrite attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32013","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15553","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32013"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/125f4071bcbc0de32e769940d07967db47f09d3d","reference_id":"125f4071bcbc0de32e769940d07967db47f09d3d","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:49Z/"}],"url":"https://github.com/openclaw/openclaw/commit/125f4071bcbc0de32e769940d07967db47f09d3d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32013","reference_id":"CVE-2026-32013","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32013"},{"reference_url":"https://github.com/advisories/GHSA-fgvx-58p6-gjwc","reference_id":"GHSA-fgvx-58p6-gjwc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgvx-58p6-gjwc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fgvx-58p6-gjwc","reference_id":"GHSA-fgvx-58p6-gjwc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:49Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fgvx-58p6-gjwc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-agents-files-methods","reference_id":"openclaw-symlink-traversal-in-agents-files-methods","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:49Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-agents-files-methods"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32013","GHSA-fgvx-58p6-gjwc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvg4-uvx3-mbg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212774?format=json","vulnerability_id":"VCID-hvv4-s4g7-vfea","summary":"OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/10d0e3f3ca92326df0ca071fabffe463742f263c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/10d0e3f3ca92326df0ca071fabffe463742f263c"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-rchv-x836-w7xp","reference_id":"GHSA-rchv-x836-w7xp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rchv-x836-w7xp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rchv-x836-w7xp","reference_id":"GHSA-rchv-x836-w7xp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rchv-x836-w7xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-rchv-x836-w7xp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvv4-s4g7-vfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360117?format=json","vulnerability_id":"VCID-hy1q-5cfa-q7es","summary":"OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries\n### Summary\nIn specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version at triage/update time: `2026.2.25`\n- Affected: `<= 2026.2.25`\n- Patched: `>= 2026.2.26` (planned next release)\n\n### Impact\nThis is a group-authorization scope mismatch. DM pairing-store entries could influence group sender authorization in allowlist mode.\n\n### Technical Details\nRoot cause: group allowlist composition inherited pairing-store entries intended for DM approvals. Under default DM pairing policy, a DM-paired sender could match group allowlist checks.\n\nFixes on `main`:\n- isolate group allowlist composition from pairing-store entries\n- centralize shared DM/group allowlist composition to preserve DM-only pairing behavior\n- add regression coverage for LINE and Mattermost policy paths\n\n### Fix Commit(s)\n- `8bdda7a651c21e98faccdbbd73081e79cffe8be0`\n- `892a9c24b0f6118729ab5b5f5499b1a7e792dd15` (follow-up refactor hardening)\n\n### Release Process Note\n`patched_versions` is pre-set to `>= 2026.2.26` so once npm `2026.2.26` is published, this advisory can be published directly without additional version-field edits.\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/892a9c24b0f6118729ab5b5f5499b1a7e792dd15","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/892a9c24b0f6118729ab5b5f5499b1a7e792dd15"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gp3q-wpq4-5c5h","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gp3q-wpq4-5c5h"},{"reference_url":"https://github.com/advisories/GHSA-gp3q-wpq4-5c5h","reference_id":"GHSA-gp3q-wpq4-5c5h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gp3q-wpq4-5c5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-gp3q-wpq4-5c5h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hy1q-5cfa-q7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81006?format=json","vulnerability_id":"VCID-j13w-x4ky-8yhd","summary":"OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41332","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05633","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41332"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/6eb82fba3cbfd0e50b179c1fada92e1e22dce7fa","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/6eb82fba3cbfd0e50b179c1fada92e1e22dce7fa"},{"reference_url":"https://github.com/advisories/GHSA-m866-6qv5-p2fg","reference_id":"GHSA-m866-6qv5-p2fg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m866-6qv5-p2fg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m866-6qv5-p2fg","reference_id":"GHSA-m866-6qv5-p2fg","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:46:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m866-6qv5-p2fg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-code-execution-via-missing-environment-variable-blocklist","reference_id":"openclaw-code-execution-via-missing-environment-variable-blocklist","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:46:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-code-execution-via-missing-environment-variable-blocklist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41332","GHSA-m866-6qv5-p2fg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j13w-x4ky-8yhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360196?format=json","vulnerability_id":"VCID-j7bv-npgz-n7e7","summary":"OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens\n### Summary\n\nOpenClaw pairing setup codes generated by `/pair` and `openclaw qr` embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential.\n\n### Impact\n\nAn attacker with access to a leaked setup code could reuse the shared gateway credential outside the intended one-time pairing flow.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.11`\n\n### Patch\n\nFixed in `openclaw` `2026.3.12`. Setup codes now carry short-lived bootstrap tokens that are only valid for the initial device bootstrap exchange. Update to `2026.3.12` or later and rotate any previously exposed shared gateway credentials if setup codes may have leaked.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/advisories/GHSA-7h7g-x2px-94hj","reference_id":"GHSA-7h7g-x2px-94hj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h7g-x2px-94hj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7h7g-x2px-94hj","reference_id":"GHSA-7h7g-x2px-94hj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7h7g-x2px-94hj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-7h7g-x2px-94hj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7bv-npgz-n7e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360035?format=json","vulnerability_id":"VCID-j7uv-qgjz-ubdq","summary":"Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-9868-vxmx-w862. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\\\ followed by a newline and opening parenthesis inside double quotes, causing the shell to fold the line continuation into executable command substitution that circumvents approval boundaries.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28460","reference_id":"CVE-2026-28460","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28460"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862","reference_id":"GHSA-9868-vxmx-w862","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862"},{"reference_url":"https://github.com/advisories/GHSA-xrgv-34cc-q765","reference_id":"GHSA-xrgv-34cc-q765","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrgv-34cc-q765"}],"fixed_packages":[],"aliases":["GHSA-xrgv-34cc-q765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uv-qgjz-ubdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212720?format=json","vulnerability_id":"VCID-j9kk-jqgm-kqbk","summary":"OpenClaw: MS Teams fileConsent/invoke missing conversation binding allowed cross-conversation pending-upload consumption","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/347f7b9550064f5f5b33c6e07f64e85b9657b6f1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/347f7b9550064f5f5b33c6e07f64e85b9657b6f1"},{"reference_url":"https://github.com/advisories/GHSA-j26j-7qc4-3mrf","reference_id":"GHSA-j26j-7qc4-3mrf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j26j-7qc4-3mrf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j26j-7qc4-3mrf","reference_id":"GHSA-j26j-7qc4-3mrf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j26j-7qc4-3mrf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-j26j-7qc4-3mrf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9kk-jqgm-kqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65483?format=json","vulnerability_id":"VCID-jarm-du2f-1uef","summary":"OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43529","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43529"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/62333","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/62333"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b024fae9e5df43e9b69b2daebb72be3469d52e91","reference_id":"b024fae9e5df43e9b69b2daebb72be3469d52e91","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b024fae9e5df43e9b69b2daebb72be3469d52e91"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43529","reference_id":"CVE-2026-43529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43529"},{"reference_url":"https://github.com/advisories/GHSA-gj9q-8w99-mp8j","reference_id":"GHSA-gj9q-8w99-mp8j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj9q-8w99-mp8j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gj9q-8w99-mp8j","reference_id":"GHSA-gj9q-8w99-mp8j","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gj9q-8w99-mp8j"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator","reference_id":"openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43529","GHSA-gj9q-8w99-mp8j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jarm-du2f-1uef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360332?format=json","vulnerability_id":"VCID-jdbz-6b2q-xyav","summary":"OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nGateway Control UI bootstrap config required Gateway auth.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-93rg-2xm5-2p9v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdbz-6b2q-xyav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80642?format=json","vulnerability_id":"VCID-jj5g-2uaq-tua3","summary":"OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41369","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41369"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/eb8de6715f02949c21c4e895fffc8a6dcb00975c","reference_id":"eb8de6715f02949c21c4e895fffc8a6dcb00975c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/eb8de6715f02949c21c4e895fffc8a6dcb00975c"},{"reference_url":"https://github.com/advisories/GHSA-cg7q-fg22-4g98","reference_id":"GHSA-cg7q-fg22-4g98","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg7q-fg22-4g98"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg7q-fg22-4g98","reference_id":"GHSA-cg7q-fg22-4g98","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg7q-fg22-4g98"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-sanitization-in-host-execution","reference_id":"openclaw-insufficient-environment-variable-sanitization-in-host-execution","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-sanitization-in-host-execution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41369","GHSA-cg7q-fg22-4g98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jj5g-2uaq-tua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81044?format=json","vulnerability_id":"VCID-jnbs-cnfs-nkb5","summary":"OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized actions on HTTP operator endpoints.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41347","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0472","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41347"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41347","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41347"},{"reference_url":"https://github.com/openclaw/openclaw/commit/6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d","reference_id":"6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"}],"url":"https://github.com/openclaw/openclaw/commit/6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d"},{"reference_url":"https://github.com/advisories/GHSA-mhr7-2xmv-4c4q","reference_id":"GHSA-mhr7-2xmv-4c4q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhr7-2xmv-4c4q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mhr7-2xmv-4c4q","reference_id":"GHSA-mhr7-2xmv-4c4q","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mhr7-2xmv-4c4q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-cross-site-request-forgery-via-missing-browser-origin-validation-in-http-operator-endpoints","reference_id":"openclaw-cross-site-request-forgery-via-missing-browser-origin-validation-in-http-operator-endpoints","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-cross-site-request-forgery-via-missing-browser-origin-validation-in-http-operator-endpoints"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41347","GHSA-mhr7-2xmv-4c4q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnbs-cnfs-nkb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359771?format=json","vulnerability_id":"VCID-juz5-e48p-hufx","summary":"Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35633","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35633"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw","reference_id":"GHSA-4qwc-c7g9-4xcw","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw"},{"reference_url":"https://github.com/advisories/GHSA-hm63-vwj4-mj2q","reference_id":"GHSA-hm63-vwj4-mj2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm63-vwj4-mj2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-hm63-vwj4-mj2q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-juz5-e48p-hufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359880?format=json","vulnerability_id":"VCID-jwnv-j7hq-sbh9","summary":"OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths\n## Summary\n\nThe QMD backend `memory_get` read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.\n\n## Impact\n\nWhen the QMD backend was enabled, a caller with access to `memory_get` could read arbitrary `*.md` files under the configured workspace root, even when those files were not canonical memory files and had not been returned by QMD search. Severity remains low because exploitation requires access to the memory tool surface and is limited to workspace Markdown files, but it bypassed the intended memory-path policy.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.\n\nVerified in `v2026.4.15`:\n\n- `extensions/memory-core/src/memory/qmd-manager.ts` rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.\n- `extensions/memory-core/src/memory/qmd-manager.test.ts` covers QMD session search-result reads and the read-path restriction behavior.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `37d5971db36491d5050efd42c333cbe0b98ed292` via PR #66026\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66026","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66026"},{"reference_url":"https://github.com/advisories/GHSA-f934-5rqf-xx47","reference_id":"GHSA-f934-5rqf-xx47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f934-5rqf-xx47"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47","reference_id":"GHSA-f934-5rqf-xx47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["GHSA-f934-5rqf-xx47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwnv-j7hq-sbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359935?format=json","vulnerability_id":"VCID-jzrz-3e6m-c7ez","summary":"Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-h3x4-hc5v-v2gm. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34426","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34426"},{"reference_url":"https://github.com/advisories/GHSA-8h8f-7cxm-m38j","reference_id":"GHSA-8h8f-7cxm-m38j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8h8f-7cxm-m38j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47","reference_id":"GHSA-98ch-45wp-ch47","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-8h8f-7cxm-m38j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzrz-3e6m-c7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359257?format=json","vulnerability_id":"VCID-jzvr-jz7v-q3h1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41405","reference_id":"","reference_type":"","scores":[{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45758","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41405"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3834d47099dd13c8244ed6de8b9ea9855c553623","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/3834d47099dd13c8244ed6de8b9ea9855c553623"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p464-m8x6-vhv8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p464-m8x6-vhv8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41405","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41405"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-ms-teams-webhook-body-parsing","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-ms-teams-webhook-body-parsing"},{"reference_url":"https://github.com/advisories/GHSA-p464-m8x6-vhv8","reference_id":"GHSA-p464-m8x6-vhv8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p464-m8x6-vhv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41405","GHSA-p464-m8x6-vhv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzvr-jz7v-q3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77856?format=json","vulnerability_id":"VCID-k19r-em9r-bybp","summary":"OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33574","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02138","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33574"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33574","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33574"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9abf014f3502009faf9c73df5ca2cff719e54639","reference_id":"9abf014f3502009faf9c73df5ca2cff719e54639","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:28:38Z/"}],"url":"https://github.com/openclaw/openclaw/commit/9abf014f3502009faf9c73df5ca2cff719e54639"},{"reference_url":"https://github.com/advisories/GHSA-vhwf-4x96-vqx2","reference_id":"GHSA-vhwf-4x96-vqx2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhwf-4x96-vqx2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vhwf-4x96-vqx2","reference_id":"GHSA-vhwf-4x96-vqx2","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:28:38Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vhwf-4x96-vqx2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-via-tools-root-rebinding-in-skills-download","reference_id":"openclaw-path-traversal-via-tools-root-rebinding-in-skills-download","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:28:38Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-via-tools-root-rebinding-in-skills-download"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["CVE-2026-33574","GHSA-vhwf-4x96-vqx2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k19r-em9r-bybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71677?format=json","vulnerability_id":"VCID-k1fs-5s5j-xyh6","summary":"OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35618","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13335","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35618"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35618","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35618"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b","reference_id":"b0ce53a79cf63834660270513e26d921899b4e5b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b"},{"reference_url":"https://github.com/advisories/GHSA-cg6c-q2hx-69h7","reference_id":"GHSA-cg6c-q2hx-69h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg6c-q2hx-69h7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7","reference_id":"GHSA-cg6c-q2hx-69h7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification","reference_id":"openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373851?format=json","purl":"pkg:npm/openclaw@2026.3.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"}],"aliases":["CVE-2026-35618","GHSA-cg6c-q2hx-69h7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1fs-5s5j-xyh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77141?format=json","vulnerability_id":"VCID-k64p-h928-dfcs","summary":"OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted senders through message_changed, message_deleted, and thread_broadcast events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32895","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12118","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32895"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32895","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32895"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3d30ba18a2aba1e1b302e77ff33145c3b06c01c8","reference_id":"3d30ba18a2aba1e1b302e77ff33145c3b06c01c8","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:44:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3d30ba18a2aba1e1b302e77ff33145c3b06c01c8"},{"reference_url":"https://github.com/advisories/GHSA-v8cg-4474-49v8","reference_id":"GHSA-v8cg-4474-49v8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8cg-4474-49v8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cg-4474-49v8","reference_id":"GHSA-v8cg-4474-49v8","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:44:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cg-4474-49v8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-authorization-bypass-in-slack-system-event-handlers","reference_id":"openclaw-sender-authorization-bypass-in-slack-system-event-handlers","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T18:44:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-authorization-bypass-in-slack-system-event-handlers"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32895","GHSA-v8cg-4474-49v8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k64p-h928-dfcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359842?format=json","vulnerability_id":"VCID-kact-h3hk-d7eg","summary":"OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0\n## Summary\n\nSandbox browser CDP relay could expose DevTools protocol on 0.0.0.0.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe sandbox browser CDP relay could bind too broadly, exposing Chrome DevTools Protocol access outside the intended local/sandbox source range.\n\n## Technical Details\n\nThe fix enforces CDP source-range restriction by default and avoids broad `0.0.0.0` exposure unless explicitly configured.\n\n## Fix\n\nThe issue was fixed in #61404. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `fbf11ebdb7110632f93926d0ac7b48f04cb44d77`\n- PR: #61404\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/61404","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/61404"},{"reference_url":"https://github.com/advisories/GHSA-525j-hqq2-66r4","reference_id":"GHSA-525j-hqq2-66r4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-525j-hqq2-66r4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4","reference_id":"GHSA-525j-hqq2-66r4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["GHSA-525j-hqq2-66r4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kact-h3hk-d7eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81033?format=json","vulnerability_id":"VCID-kdn3-sa62-4bef","summary":"OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41388","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12872","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41388"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a4d72a83f01fedd35964c352e3473c7712a3511b","reference_id":"a4d72a83f01fedd35964c352e3473c7712a3511b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a4d72a83f01fedd35964c352e3473c7712a3511b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41388","reference_id":"CVE-2026-41388","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41388"},{"reference_url":"https://github.com/advisories/GHSA-3pm9-5j7m-59vc","reference_id":"GHSA-3pm9-5j7m-59vc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pm9-5j7m-59vc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3pm9-5j7m-59vc","reference_id":"GHSA-3pm9-5j7m-59vc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3pm9-5j7m-59vc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-configuration-rehydration-via-empty-array-revocation-handling","reference_id":"openclaw-configuration-rehydration-via-empty-array-revocation-handling","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-configuration-rehydration-via-empty-array-revocation-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41388","GHSA-3pm9-5j7m-59vc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdn3-sa62-4bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70463?format=json","vulnerability_id":"VCID-kfmd-usy4-afbu","summary":"OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42430","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10114","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42430"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42430","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42430"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-w8g9-x8gx-crmm","reference_id":"GHSA-w8g9-x8gx-crmm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8g9-x8gx-crmm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w8g9-x8gx-crmm","reference_id":"GHSA-w8g9-x8gx-crmm","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w8g9-x8gx-crmm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling","reference_id":"openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42430","GHSA-w8g9-x8gx-crmm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfmd-usy4-afbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65585?format=json","vulnerability_id":"VCID-kkqe-kjun-mufe","summary":"OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43526","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14157","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43526"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63495","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63495"},{"reference_url":"https://github.com/openclaw/openclaw/pull/65788","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/65788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43526","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43526"},{"reference_url":"https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a","reference_id":"08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"}],"url":"https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d","reference_id":"ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d"},{"reference_url":"https://github.com/advisories/GHSA-2767-2q9v-9326","reference_id":"GHSA-2767-2q9v-9326","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2767-2q9v-9326"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326","reference_id":"GHSA-2767-2q9v-9326","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling","reference_id":"openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373522?format=json","purl":"pkg:npm/openclaw@2026.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"}],"aliases":["CVE-2026-43526","GHSA-2767-2q9v-9326"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkqe-kjun-mufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360054?format=json","vulnerability_id":"VCID-kkw6-d2rs-9uh3","summary":"OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events\n## Summary\n\nBlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nBlueBubbles group reaction events previously bypassed `requireMention` and still enqueued agent-visible system events in groups that were supposed to stay mention-gated. Commit `f8c98630785288cc1f1d0893503ef3b653a3cede` applies the reaction path to the same mention gate as normal group messages.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `f8c98630785288cc1f1d0893503ef3b653a3cede`.\n\n## Fix Commit(s)\n\n- `f8c98630785288cc1f1d0893503ef3b653a3cede`","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-mw7w-g3mg-xqm7","reference_id":"GHSA-mw7w-g3mg-xqm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mw7w-g3mg-xqm7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7","reference_id":"GHSA-mw7w-g3mg-xqm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7"}],"fixed_packages":[],"aliases":["GHSA-mw7w-g3mg-xqm7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkw6-d2rs-9uh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71848?format=json","vulnerability_id":"VCID-kmue-xe85-hbgr","summary":"OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35655","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14674","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35655"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35655","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35655"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60","reference_id":"e4c61723cd2d530680cc61789311d464ab8cdf60","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60"},{"reference_url":"https://github.com/advisories/GHSA-74wf-h43j-vvmj","reference_id":"GHSA-74wf-h43j-vvmj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74wf-h43j-vvmj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj","reference_id":"GHSA-74wf-h43j-vvmj","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution","reference_id":"openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35655","GHSA-74wf-h43j-vvmj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmue-xe85-hbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83455?format=json","vulnerability_id":"VCID-kpbm-y7e6-t3gg","summary":"OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorized scopes such as operator.admin and perform admin-only gateway operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22172","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0594","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22172"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5e389d5e7c9233ec91026ab2fea299ebaf3249f6","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/5e389d5e7c9233ec91026ab2fea299ebaf3249f6"},{"reference_url":"https://github.com/openclaw/openclaw/pull/44306","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/44306"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/advisories/GHSA-rqpp-rjj8-7wv8","reference_id":"GHSA-rqpp-rjj8-7wv8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqpp-rjj8-7wv8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8","reference_id":"GHSA-rqpp-rjj8-7wv8","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:44Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-scope-elevation-in-websocket-shared-auth-connections","reference_id":"openclaw-scope-elevation-in-websocket-shared-auth-connections","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T18:03:44Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-scope-elevation-in-websocket-shared-auth-connections"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["CVE-2026-22172","GHSA-rqpp-rjj8-7wv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpbm-y7e6-t3gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80969?format=json","vulnerability_id":"VCID-kprt-1prq-n7bt","summary":"OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41330","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02838","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41330"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41330","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41330"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41","reference_id":"4d912e04519b4bd53b248437c53748cdebce9a41","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41"},{"reference_url":"https://github.com/advisories/GHSA-9gp8-hjxr-6f34","reference_id":"GHSA-9gp8-hjxr-6f34","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gp8-hjxr-6f34"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34","reference_id":"GHSA-9gp8-hjxr-6f34","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy","reference_id":"openclaw-environment-variable-override-via-host-exec-policy","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41330","GHSA-9gp8-hjxr-6f34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kprt-1prq-n7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71690?format=json","vulnerability_id":"VCID-kr71-ur8n-vqe1","summary":"OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35658","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35658"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35658","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35658"},{"reference_url":"https://github.com/openclaw/openclaw/commit/14baadda2c456f3cf749f1f97e8678746a34a7f4","reference_id":"14baadda2c456f3cf749f1f97e8678746a34a7f4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/14baadda2c456f3cf749f1f97e8678746a34a7f4"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2","reference_id":"ccfeecb6887cd97937e33a71877ad512741e82b2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2"},{"reference_url":"https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53","reference_id":"dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53"},{"reference_url":"https://github.com/advisories/GHSA-cfp9-w5v9-3q4h","reference_id":"GHSA-cfp9-w5v9-3q4h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfp9-w5v9-3q4h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfp9-w5v9-3q4h","reference_id":"GHSA-cfp9-w5v9-3q4h","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfp9-w5v9-3q4h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-filesystem-boundary-bypass-in-image-tool","reference_id":"openclaw-filesystem-boundary-bypass-in-image-tool","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:56:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-filesystem-boundary-bypass-in-image-tool"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-35658","GHSA-cfp9-w5v9-3q4h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kr71-ur8n-vqe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359160?format=json","vulnerability_id":"VCID-kt4v-cekr-fka8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32974","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15557","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32974"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7844bc89a1612800810617c823eb0c76ef945804","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/7844bc89a1612800810617c823eb0c76ef945804"},{"reference_url":"https://github.com/openclaw/openclaw/pull/44087","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/44087"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g353-mgv3-8pcj","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g353-mgv3-8pcj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32974","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32974"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-forged-event-injection-via-feishu-webhook-verification-token","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-forged-event-injection-via-feishu-webhook-verification-token"},{"reference_url":"https://github.com/advisories/GHSA-g353-mgv3-8pcj","reference_id":"GHSA-g353-mgv3-8pcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g353-mgv3-8pcj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["CVE-2026-32974","GHSA-g353-mgv3-8pcj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4v-cekr-fka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359254?format=json","vulnerability_id":"VCID-kxyq-t74z-p3gf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41385","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0392","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41385"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jjw7-3vjf-fg5j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jjw7-3vjf-fg5j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41385","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41385"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-nostr-private-key-exposure-via-config-get-redaction-bypass","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-nostr-private-key-exposure-via-config-get-redaction-bypass"},{"reference_url":"https://github.com/advisories/GHSA-jjw7-3vjf-fg5j","reference_id":"GHSA-jjw7-3vjf-fg5j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjw7-3vjf-fg5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41385","GHSA-jjw7-3vjf-fg5j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxyq-t74z-p3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77552?format=json","vulnerability_id":"VCID-kzju-dt4v-syff","summary":"OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy group sender allowlist checks without explicit presence in groupAllowFrom, bypassing group message access controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32027","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13888","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32027"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9","reference_id":"051fdcc428129446e7c084260f837b7284279ce9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:01:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0","reference_id":"8bdda7a651c21e98faccdbbd73081e79cffe8be0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:01:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32027","reference_id":"CVE-2026-32027","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32027"},{"reference_url":"https://github.com/advisories/GHSA-jv6r-27ww-4gw4","reference_id":"GHSA-jv6r-27ww-4gw4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jv6r-27ww-4gw4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jv6r-27ww-4gw4","reference_id":"GHSA-jv6r-27ww-4gw4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:01:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jv6r-27ww-4gw4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-dm-pairing-store-identity-inheritance-in-group-allowlist","reference_id":"openclaw-improper-authorization-via-dm-pairing-store-identity-inheritance-in-group-allowlist","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:01:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-dm-pairing-store-identity-inheritance-in-group-allowlist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32027","GHSA-jv6r-27ww-4gw4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzju-dt4v-syff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71936?format=json","vulnerability_id":"VCID-m3h2-6en6-2ye4","summary":"OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35657","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35657"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea","reference_id":"1c45123231516fa50f8cf8522ba5ff2fb2ca7aea","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35657","reference_id":"CVE-2026-35657","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35657"},{"reference_url":"https://github.com/advisories/GHSA-5jvj-hxmh-6h6j","reference_id":"GHSA-5jvj-hxmh-6h6j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jvj-hxmh-6h6j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j","reference_id":"GHSA-5jvj-hxmh-6h6j","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-http-session-history-route","reference_id":"openclaw-authorization-bypass-in-http-session-history-route","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-http-session-history-route"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374938?format=json","purl":"pkg:npm/openclaw@2026.3.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.25"},{"url":"http://public2.vulnerablecode.io/api/packages/981079?format=json","purl":"pkg:npm/openclaw@2026.3.28-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28-beta.1"}],"aliases":["CVE-2026-35657","GHSA-5jvj-hxmh-6h6j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3h2-6en6-2ye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80817?format=json","vulnerability_id":"VCID-m4qc-8d4v-dbe2","summary":"OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41295","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03587","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41295"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0","reference_id":"53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"}],"url":"https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41295","reference_id":"CVE-2026-41295","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41295"},{"reference_url":"https://github.com/advisories/GHSA-2qrv-rc5x-2g2h","reference_id":"GHSA-2qrv-rc5x-2g2h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qrv-rc5x-2g2h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h","reference_id":"GHSA-2qrv-rc5x-2g2h","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup","reference_id":"openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41295","GHSA-2qrv-rc5x-2g2h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4qc-8d4v-dbe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360060?format=json","vulnerability_id":"VCID-m5mp-zry4-wfew","summary":"OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces\n### Summary\n\nOpenClaw documented `/config` and `/debug` as owner-only commands, but the command handlers checked only whether the sender was command-authorized. A lower-trust sender who was intentionally allowed to run commands could still reach privileged configuration and debugging surfaces.\n\n### Impact\n\nThis allowed a non-owner sender to read or change privileged configuration that should have remained restricted to owners.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.11`\n\n### Patch\n\nFixed in `openclaw` `2026.3.12`. Owner checks are now enforced for privileged command surfaces, and regression tests cover `/config` and `/debug` access control.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/08aa57a3de37d337b226ae861f573779f112ff2e","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/08aa57a3de37d337b226ae861f573779f112ff2e"},{"reference_url":"https://github.com/openclaw/openclaw/pull/44305","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/44305"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/advisories/GHSA-r7vr-gr74-94p8","reference_id":"GHSA-r7vr-gr74-94p8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7vr-gr74-94p8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r7vr-gr74-94p8","reference_id":"GHSA-r7vr-gr74-94p8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r7vr-gr74-94p8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-r7vr-gr74-94p8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5mp-zry4-wfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80996?format=json","vulnerability_id":"VCID-m8ba-t6kp-3kcx","summary":"OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41397","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2259","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41397"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41397","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41397"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320","reference_id":"3b9dab0ece4643a9643e6a45459f5c709d3ce320","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1","reference_id":"c02ee8a3a4cb390b23afdf21317aa8b2096854d1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1"},{"reference_url":"https://github.com/advisories/GHSA-cwf8-44x6-32c2","reference_id":"GHSA-cwf8-44x6-32c2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwf8-44x6-32c2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2","reference_id":"GHSA-cwf8-44x6-32c2","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal","reference_id":"openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41397","GHSA-cwf8-44x6-32c2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8ba-t6kp-3kcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359866?format=json","vulnerability_id":"VCID-mdss-pw9y-7kh6","summary":"Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-3h52-cx59-c456. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35640","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35640"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456","reference_id":"GHSA-3h52-cx59-c456","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456"},{"reference_url":"https://github.com/advisories/GHSA-8f9r-gr6r-x63q","reference_id":"GHSA-8f9r-gr6r-x63q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f9r-gr6r-x63q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-8f9r-gr6r-x63q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdss-pw9y-7kh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80985?format=json","vulnerability_id":"VCID-msr2-gsjh-1bat","summary":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper administrative privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41375","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25118","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41375"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/aa66ae1fc797d3298cc409ed2c5da69a89950a45","reference_id":"aa66ae1fc797d3298cc409ed2c5da69a89950a45","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"}],"url":"https://github.com/openclaw/openclaw/commit/aa66ae1fc797d3298cc409ed2c5da69a89950a45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41375","reference_id":"CVE-2026-41375","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41375"},{"reference_url":"https://github.com/advisories/GHSA-h2v7-xc88-xx8c","reference_id":"GHSA-h2v7-xc88-xx8c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h2v7-xc88-xx8c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2v7-xc88-xx8c","reference_id":"GHSA-h2v7-xc88-xx8c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2v7-xc88-xx8c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints","reference_id":"openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41375","GHSA-h2v7-xc88-xx8c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msr2-gsjh-1bat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71345?format=json","vulnerability_id":"VCID-mwj4-uf8p-e3bm","summary":"OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31989","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19636","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31989"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31989","reference_id":"CVE-2026-31989","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31989"},{"reference_url":"https://github.com/advisories/GHSA-g99v-8hwm-g76g","reference_id":"GHSA-g99v-8hwm-g76g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g99v-8hwm-g76g"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g","reference_id":"GHSA-g99v-8hwm-g76g","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T13:38:55Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g99v-8hwm-g76g"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-web-search-citation-redirect","reference_id":"openclaw-server-side-request-forgery-via-web-search-citation-redirect","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T13:38:55Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-web-search-citation-redirect"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["CVE-2026-31989","GHSA-g99v-8hwm-g76g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwj4-uf8p-e3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360201?format=json","vulnerability_id":"VCID-mwyx-q85j-93dk","summary":"Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33574","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33574"},{"reference_url":"https://github.com/advisories/GHSA-6q2v-vfwp-pvwh","reference_id":"GHSA-6q2v-vfwp-pvwh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q2v-vfwp-pvwh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vhwf-4x96-vqx2","reference_id":"GHSA-vhwf-4x96-vqx2","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vhwf-4x96-vqx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["GHSA-6q2v-vfwp-pvwh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwyx-q85j-93dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212737?format=json","vulnerability_id":"VCID-n2xf-a53e-hkdn","summary":"OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4"},{"reference_url":"https://github.com/advisories/GHSA-gcj7-r3hg-m7w6","reference_id":"GHSA-gcj7-r3hg-m7w6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcj7-r3hg-m7w6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gcj7-r3hg-m7w6","reference_id":"GHSA-gcj7-r3hg-m7w6","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gcj7-r3hg-m7w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-gcj7-r3hg-m7w6"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2xf-a53e-hkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359244?format=json","vulnerability_id":"VCID-n3c5-p4ah-e7e9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41336","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03587","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41336"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41336","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41336"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override"},{"reference_url":"https://github.com/advisories/GHSA-3qpv-xf3v-mm45","reference_id":"GHSA-3qpv-xf3v-mm45","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qpv-xf3v-mm45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41336","GHSA-3qpv-xf3v-mm45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3c5-p4ah-e7e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77428?format=json","vulnerability_id":"VCID-n77t-a476-8ye2","summary":"OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32920","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05467","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32920"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32920","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32920"},{"reference_url":"https://github.com/advisories/GHSA-99qw-6mr3-36qr","reference_id":"GHSA-99qw-6mr3-36qr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99qw-6mr3-36qr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr","reference_id":"GHSA-99qw-6mr3-36qr","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:03:17Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins","reference_id":"openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:03:17Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["CVE-2026-32920","GHSA-99qw-6mr3-36qr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n77t-a476-8ye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212687?format=json","vulnerability_id":"VCID-n7kf-616a-67bk","summary":"OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-x82f-27x3-q89c","reference_id":"GHSA-x82f-27x3-q89c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x82f-27x3-q89c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x82f-27x3-q89c","reference_id":"GHSA-x82f-27x3-q89c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x82f-27x3-q89c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["GHSA-x82f-27x3-q89c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7kf-616a-67bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360104?format=json","vulnerability_id":"VCID-n8n3-2zmf-guhs","summary":"Duplicate Advisory: OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-q399-23r3-hfx4. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31997","reference_id":"CVE-2026-31997","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31997"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q399-23r3-hfx4","reference_id":"GHSA-q399-23r3-hfx4","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q399-23r3-hfx4"},{"reference_url":"https://github.com/advisories/GHSA-q86m-697p-h7fh","reference_id":"GHSA-q86m-697p-h7fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q86m-697p-h7fh"}],"fixed_packages":[],"aliases":["GHSA-q86m-697p-h7fh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8n3-2zmf-guhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78214?format=json","vulnerability_id":"VCID-na8n-2vex-zfdb","summary":"OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33579","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33579"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4ee4960de2330b5322127f925f3687dc6f105be1","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/4ee4960de2330b5322127f925f3687dc6f105be1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33579","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33579"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd","reference_id":"e403decb6e20091b5402780a7ccd2085f98aa3cd","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:39Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"},{"reference_url":"https://github.com/advisories/GHSA-hc5h-pmr3-3497","reference_id":"GHSA-hc5h-pmr3-3497","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hc5h-pmr3-3497"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497","reference_id":"GHSA-hc5h-pmr3-3497","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:39Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval","reference_id":"openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:39Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-33579","GHSA-hc5h-pmr3-3497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na8n-2vex-zfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360096?format=json","vulnerability_id":"VCID-nfvd-f7cc-tkhm","summary":"Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34504","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34504"},{"reference_url":"https://github.com/advisories/GHSA-35cq-wv6v-88xf","reference_id":"GHSA-35cq-wv6v-88xf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35cq-wv6v-88xf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3","reference_id":"GHSA-qxgf-hmcj-3xw3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-35cq-wv6v-88xf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfvd-f7cc-tkhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360105?format=json","vulnerability_id":"VCID-njf8-w51n-qkgp","summary":"Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32057","reference_id":"CVE-2026-32057","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32057"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm","reference_id":"GHSA-vvgp-4c28-m3jm","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm"},{"reference_url":"https://github.com/advisories/GHSA-xh9j-mpc9-2m9p","reference_id":"GHSA-xh9j-mpc9-2m9p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh9j-mpc9-2m9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-xh9j-mpc9-2m9p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njf8-w51n-qkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71381?format=json","vulnerability_id":"VCID-nk7m-krnp-x3ej","summary":"OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31990","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11826","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31990"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a","reference_id":"17ede52a4be3034f6ec4b883ac6b81ad0101558a","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:02:57Z/"}],"url":"https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31990","reference_id":"CVE-2026-31990","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31990"},{"reference_url":"https://github.com/advisories/GHSA-cfvj-7rx7-fc7c","reference_id":"GHSA-cfvj-7rx7-fc7c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfvj-7rx7-fc7c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c","reference_id":"GHSA-cfvj-7rx7-fc7c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:02:57Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination","reference_id":"openclaw-symlink-traversal-in-stagesandboxmedia-destination","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:02:57Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-31990","GHSA-cfvj-7rx7-fc7c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nk7m-krnp-x3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70395?format=json","vulnerability_id":"VCID-nkkj-ue4v-3ueh","summary":"OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42421","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42421"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42421","reference_id":"CVE-2026-42421","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42421"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:15:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-5h3f-885m-v22w","reference_id":"GHSA-5h3f-885m-v22w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h3f-885m-v22w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22w","reference_id":"GHSA-5h3f-885m-v22w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:15:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation","reference_id":"openclaw-websocket-session-persistence-via-shared-gateway-token-rotation","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:15:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42421","GHSA-5h3f-885m-v22w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkkj-ue4v-3ueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71784?format=json","vulnerability_id":"VCID-np53-nrkf-uyhe","summary":"OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35651","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10291","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35651"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35651","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35651"},{"reference_url":"https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60","reference_id":"464e2c10a5edceb380d815adb6ff56e1a4c50f60","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"}],"url":"https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60"},{"reference_url":"https://github.com/advisories/GHSA-4hmj-39m8-jwc7","reference_id":"GHSA-4hmj-39m8-jwc7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hmj-39m8-jwc7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7","reference_id":"GHSA-4hmj-39m8-jwc7","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt","reference_id":"openclaw-ansi-escape-sequence-injection-in-approval-prompt","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35651","GHSA-4hmj-39m8-jwc7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-np53-nrkf-uyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74735?format=json","vulnerability_id":"VCID-p53z-23c4-sych","summary":"OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34506","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34506"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34506","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34506"},{"reference_url":"https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2","reference_id":"88aee9161e0e6d32e810a25711e32a808a1777b2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:56:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2"},{"reference_url":"https://github.com/advisories/GHSA-g7cr-9h7q-4qxq","reference_id":"GHSA-g7cr-9h7q-4qxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g7cr-9h7q-4qxq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq","reference_id":"GHSA-g7cr-9h7q-4qxq","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:56:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration","reference_id":"openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:56:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["CVE-2026-34506","GHSA-g7cr-9h7q-4qxq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p53z-23c4-sych"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83357?format=json","vulnerability_id":"VCID-pbqc-njj8-1ucb","summary":"OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY environment variables are present, attacker-influenced URLs can be routed through proxy behavior instead of pinned-destination routing, enabling access to internal targets reachable from the proxy environment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22181","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20651","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22181"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/345abf0b2e0f43b0f229e96f252ebf56f1e5549e","reference_id":"345abf0b2e0f43b0f229e96f252ebf56f1e5549e","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:03:39Z/"}],"url":"https://github.com/openclaw/openclaw/commit/345abf0b2e0f43b0f229e96f252ebf56f1e5549e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22181","reference_id":"CVE-2026-22181","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22181"},{"reference_url":"https://github.com/advisories/GHSA-8mvx-p2r9-r375","reference_id":"GHSA-8mvx-p2r9-r375","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mvx-p2r9-r375"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8mvx-p2r9-r375","reference_id":"GHSA-8mvx-p2r9-r375","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:03:39Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8mvx-p2r9-r375"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch","reference_id":"openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:03:39Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-dns-pinning-bypass-via-environment-proxy-configuration-in-web-fetch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-22181","GHSA-8mvx-p2r9-r375"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqc-njj8-1ucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360153?format=json","vulnerability_id":"VCID-pe1f-8yv2-a7gn","summary":"Duplicate Advisory: OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qc36-x95h-7j53. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32978","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32978"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53","reference_id":"GHSA-qc36-x95h-7j53","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53"},{"reference_url":"https://github.com/advisories/GHSA-rwwx-25m7-ww73","reference_id":"GHSA-rwwx-25m7-ww73","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwwx-25m7-ww73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-rwwx-25m7-ww73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe1f-8yv2-a7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81029?format=json","vulnerability_id":"VCID-pecx-xt79-1kht","summary":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41303","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41303"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/355abe5eba28012e6a95b9923a32831fcf870344","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/355abe5eba28012e6a95b9923a32831fcf870344"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41303","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41303"},{"reference_url":"https://github.com/advisories/GHSA-98hh-7ghg-x6rq","reference_id":"GHSA-98hh-7ghg-x6rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98hh-7ghg-x6rq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq","reference_id":"GHSA-98hh-7ghg-x6rq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:44Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands","reference_id":"openclaw-authorization-bypass-in-discord-text-approval-commands","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:44Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41303","GHSA-98hh-7ghg-x6rq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pecx-xt79-1kht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71908?format=json","vulnerability_id":"VCID-pjra-aaxs-ybek","summary":"OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35634","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10225","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35634"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35634","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35634"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e","reference_id":"d5dc6b6573ae489bc7e5651090f4767b93537c9e","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e"},{"reference_url":"https://github.com/advisories/GHSA-6mqc-jqh6-x8fc","reference_id":"GHSA-6mqc-jqh6-x8fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mqc-jqh6-x8fc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc","reference_id":"GHSA-6mqc-jqh6-x8fc","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway","reference_id":"openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373851?format=json","purl":"pkg:npm/openclaw@2026.3.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"}],"aliases":["CVE-2026-35634","GHSA-6mqc-jqh6-x8fc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjra-aaxs-ybek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360032?format=json","vulnerability_id":"VCID-pm3t-c8dr-zkhy","summary":"Duplicate Advisory: OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-5mx2-2mgw-x8rm. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the loopback/proxy heuristics to send unauthenticated webhook events to the BlueBubbles plugin.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32896","reference_id":"CVE-2026-32896","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32896"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5mx2-2mgw-x8rm","reference_id":"GHSA-5mx2-2mgw-x8rm","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5mx2-2mgw-x8rm"},{"reference_url":"https://github.com/advisories/GHSA-vh4c-j2xv-9pv9","reference_id":"GHSA-vh4c-j2xv-9pv9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vh4c-j2xv-9pv9"}],"fixed_packages":[],"aliases":["GHSA-vh4c-j2xv-9pv9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pm3t-c8dr-zkhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360109?format=json","vulnerability_id":"VCID-pnky-1fgw-mkdb","summary":"OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries\n## Summary\nIn affected versions of `openclaw`, sandboxed leaf subagents could still access the `subagents` control surface and resolve against the parent requester scope instead of remaining confined to their own session tree.\n\n## Impact\nA low-privilege sandboxed leaf worker could steer or kill a sibling run owned by the same requester and cause that sibling to execute with its own broader tool policy. This is a sandbox and session-scope boundary bypass.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.8`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nLeaf subagents retained the `subagents` tool, and subagent control requests were authorized against the parent requester scope rather than the caller's own spawned descendants. The control path prevented only self-targeting, not cross-sibling steering.\n\n## Fix\nOpenClaw now removes `subagents` control access from leaf subagents by default, scopes subagent control to the caller's own descendants, and rejects `steer` and `kill` requests that target runs outside that descendant tree. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-4w7m-58cg-cmff","reference_id":"GHSA-4w7m-58cg-cmff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w7m-58cg-cmff"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff","reference_id":"GHSA-4w7m-58cg-cmff","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-4w7m-58cg-cmff"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnky-1fgw-mkdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360119?format=json","vulnerability_id":"VCID-psme-ems8-17e8","summary":"Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32049","reference_id":"CVE-2026-32049","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32049"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh","reference_id":"GHSA-rxxp-482v-7mrh","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh"},{"reference_url":"https://github.com/advisories/GHSA-xq3g-m3j8-2vmm","reference_id":"GHSA-xq3g-m3j8-2vmm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xq3g-m3j8-2vmm"}],"fixed_packages":[],"aliases":["GHSA-xq3g-m3j8-2vmm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psme-ems8-17e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359815?format=json","vulnerability_id":"VCID-pu7g-crjz-27c6","summary":"OpenClaw: pnpm dlx approvals did not bind local script operands\n## Summary\n\nBefore OpenClaw 2026.4.2, `pnpm dlx` approval planning did not bind local script operands the same way as related `pnpm exec` flows. A local script approved through a `pnpm dlx` path could be replaced before execution without invalidating the approval.\n\n## Impact\n\nAn operator could approve a benign local script and then execute modified script contents through the still-valid approval plan. This was an approval-integrity bug in the node-host command-planning path.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `176c059b05357df1bc09d4328a2380670859eeff` — bind local scripts in `pnpm dlx` approval plans\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @Kazamayc for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/176c059b05357df1bc09d4328a2380670859eeff","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/176c059b05357df1bc09d4328a2380670859eeff"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w6wx-jq6j-6mcj","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w6wx-jq6j-6mcj"},{"reference_url":"https://github.com/advisories/GHSA-w6wx-jq6j-6mcj","reference_id":"GHSA-w6wx-jq6j-6mcj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6wx-jq6j-6mcj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["GHSA-w6wx-jq6j-6mcj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu7g-crjz-27c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71910?format=json","vulnerability_id":"VCID-pudw-8fpm-abak","summary":"OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35662","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11072","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35662"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35662","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35662"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7679eb375294941b02214c234aff3948796969d0","reference_id":"7679eb375294941b02214c234aff3948796969d0","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7679eb375294941b02214c234aff3948796969d0"},{"reference_url":"https://github.com/advisories/GHSA-x2cm-hg9c-mf5w","reference_id":"GHSA-x2cm-hg9c-mf5w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2cm-hg9c-mf5w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w","reference_id":"GHSA-x2cm-hg9c-mf5w","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-controlscope-enforcement-in-send-action","reference_id":"openclaw-missing-controlscope-enforcement-in-send-action","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-controlscope-enforcement-in-send-action"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35662","GHSA-x2cm-hg9c-mf5w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pudw-8fpm-abak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76970?format=json","vulnerability_id":"VCID-pxsn-dddj-a3hp","summary":"OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32977","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32977"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32977","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32977"},{"reference_url":"https://github.com/advisories/GHSA-xvx8-77m6-gwg6","reference_id":"GHSA-xvx8-77m6-gwg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvx8-77m6-gwg6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6","reference_id":"GHSA-xvx8-77m6-gwg6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T13:28:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unanchored-writefile-commit-path","reference_id":"openclaw-sandbox-boundary-bypass-via-unanchored-writefile-commit-path","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T13:28:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unanchored-writefile-commit-path"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32977","GHSA-xvx8-77m6-gwg6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxsn-dddj-a3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359266?format=json","vulnerability_id":"VCID-pyut-62r7-6fgp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42420","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16196","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42420"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ccx3-fw7q-rr2r","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ccx3-fw7q-rr2r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42420","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42420"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-base64-decoding-size-validation","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-base64-decoding-size-validation"},{"reference_url":"https://github.com/advisories/GHSA-ccx3-fw7q-rr2r","reference_id":"GHSA-ccx3-fw7q-rr2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ccx3-fw7q-rr2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42420","GHSA-ccx3-fw7q-rr2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyut-62r7-6fgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71449?format=json","vulnerability_id":"VCID-q18t-kkbk-j3er","summary":"OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31997","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01078","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31997"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31997","reference_id":"CVE-2026-31997","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31997"},{"reference_url":"https://github.com/advisories/GHSA-q399-23r3-hfx4","reference_id":"GHSA-q399-23r3-hfx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q399-23r3-hfx4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q399-23r3-hfx4","reference_id":"GHSA-q399-23r3-hfx4","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T14:05:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q399-23r3-hfx4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-executable-rebind-via-unbound-path-token-in-system-run-approvals","reference_id":"openclaw-executable-rebind-via-unbound-path-token-in-system-run-approvals","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T14:05:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-executable-rebind-via-unbound-path-token-in-system-run-approvals"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["CVE-2026-31997","GHSA-q399-23r3-hfx4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q18t-kkbk-j3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359922?format=json","vulnerability_id":"VCID-q6h5-e93e-j3d7","summary":"Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-mf5g-6r6f-ghhm. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35646","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35646"},{"reference_url":"https://github.com/advisories/GHSA-59xc-5v89-r7pr","reference_id":"GHSA-59xc-5v89-r7pr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59xc-5v89-r7pr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm","reference_id":"GHSA-mf5g-6r6f-ghhm","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-59xc-5v89-r7pr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6h5-e93e-j3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359921?format=json","vulnerability_id":"VCID-qcrw-m7k3-ubgm","summary":"OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`\n## Summary\n\nThe `chat.send` path reused command authorization to trigger `/reset` session rotation even though direct session reset is an admin-only control-plane operation.\n\n## Impact\n\nA write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id without admin scope.\n\n## Affected Component\n\n`src/gateway/server-methods/chat.ts, src/auto-reply/reply/session.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `be00fcfccb` (`Gateway: align chat.send reset scope checks`).","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/be00fcfccba108f88dc3d4380146c6e058770b03","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/be00fcfccba108f88dc3d4380146c6e058770b03"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://github.com/advisories/GHSA-5r8f-96gm-5j6g","reference_id":"GHSA-5r8f-96gm-5j6g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r8f-96gm-5j6g"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g","reference_id":"GHSA-5r8f-96gm-5j6g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-5r8f-96gm-5j6g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcrw-m7k3-ubgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360093?format=json","vulnerability_id":"VCID-qhdq-m4mz-hyc1","summary":"OpenClaw: Feishu reaction events could bypass group authorization and mention gating\n### Summary\n\nA Feishu reaction-originated synthetic event could misclassify a group conversation as `p2p` when the inbound reaction payload omitted `chat_type`. Authorization and mention-gating logic keyed off that incorrect chat type and evaluated the event as a direct message instead of a group message.\n\n### Impact\n\nThis could bypass `groupAllowFrom` and `requireMention` protections for reaction-derived events in Feishu group chats.\n\n### Affected versions\n\n`openclaw` `<= 2026.3.11`\n\n### Patch\n\nFixed in `openclaw` `2026.3.12`. Reaction events now preserve the correct group context before authorization and mention-gate evaluation. Users should update to `2026.3.12` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3e730c0332eb0a3dc9e1e8c29a5f95e933317b41","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/3e730c0332eb0a3dc9e1e8c29a5f95e933317b41"},{"reference_url":"https://github.com/openclaw/openclaw/pull/44088","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/44088"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.12"},{"reference_url":"https://github.com/advisories/GHSA-m69h-jm2f-2pv8","reference_id":"GHSA-m69h-jm2f-2pv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m69h-jm2f-2pv8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8","reference_id":"GHSA-m69h-jm2f-2pv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-m69h-jm2f-2pv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhdq-m4mz-hyc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359263?format=json","vulnerability_id":"VCID-qmnc-zfxh-87g4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41912","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10114","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41912"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41912","reference_id":"CVE-2026-41912","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41912"},{"reference_url":"https://github.com/advisories/GHSA-vr5g-mmx7-h897","reference_id":"GHSA-vr5g-mmx7-h897","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr5g-mmx7-h897"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41912","GHSA-vr5g-mmx7-h897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmnc-zfxh-87g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80789?format=json","vulnerability_id":"VCID-qpq9-cabj-a7hj","summary":"OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036","reference_id":"99ef3a63c58440d53f8e45ad861b846032fcb036","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036"},{"reference_url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_id":"openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-41908","GHSA-v8qf-fr4g-28p2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpq9-cabj-a7hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67930?format=json","vulnerability_id":"VCID-qqsk-1mk9-pygw","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorized file contents.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45","reference_id":"95119017c847c737bd113f0bff728c4666d79c45","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45"},{"reference_url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_id":"openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44113","GHSA-5h3g-6xhh-rg6p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqsk-1mk9-pygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80816?format=json","vulnerability_id":"VCID-qqz4-uy33-qya2","summary":"OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41911","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19267","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41911"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41911","reference_id":"CVE-2026-41911","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41911"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:39:00Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-5fc7-f62m-8983","reference_id":"GHSA-5fc7-f62m-8983","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fc7-f62m-8983"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5fc7-f62m-8983","reference_id":"GHSA-5fc7-f62m-8983","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:39:00Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5fc7-f62m-8983"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image","reference_id":"openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:39:00Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-41911","GHSA-5fc7-f62m-8983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqz4-uy33-qya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360014?format=json","vulnerability_id":"VCID-qt48-xw6x-nudj","summary":"Duplicate Advisory: OpenClaw's device removal and token revocation do not terminate active WebSocket sessions\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2pr2-hcv6-7gwv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34503"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv","reference_id":"GHSA-2pr2-hcv6-7gwv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv"},{"reference_url":"https://github.com/advisories/GHSA-89hr-6x2p-8xjv","reference_id":"GHSA-89hr-6x2p-8xjv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89hr-6x2p-8xjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-89hr-6x2p-8xjv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qt48-xw6x-nudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359756?format=json","vulnerability_id":"VCID-qt8t-f9xc-qbgp","summary":"Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40037","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40037"},{"reference_url":"https://github.com/advisories/GHSA-pg8g-f2hf-x82m","reference_id":"GHSA-pg8g-f2hf-x82m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pg8g-f2hf-x82m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m","reference_id":"GHSA-qx8j-g322-qj6m","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["GHSA-pg8g-f2hf-x82m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qt8t-f9xc-qbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71741?format=json","vulnerability_id":"VCID-qu81-grr8-x7af","summary":"OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35637","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35637"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35637","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35637"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93","reference_id":"3cbf932413e41d1836cb91aed1541a28a3122f93","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87","reference_id":"ebee4e2210e1f282a982c7ef2ad79d77a572fc87","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87"},{"reference_url":"https://github.com/advisories/GHSA-vfg3-pqpq-93m4","reference_id":"GHSA-vfg3-pqpq-93m4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfg3-pqpq-93m4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4","reference_id":"GHSA-vfg3-pqpq-93m4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm","reference_id":"openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35637","GHSA-vfg3-pqpq-93m4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qu81-grr8-x7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70177?format=json","vulnerability_id":"VCID-qujt-gddx-ckbm","summary":"OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42422","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42422"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42422","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42422"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-whf9-3hcx-gq54","reference_id":"GHSA-whf9-3hcx-gq54","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whf9-3hcx-gq54"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54","reference_id":"GHSA-whf9-3hcx-gq54","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function","reference_id":"openclaw-role-bypass-in-device-token-rotate-function","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42422","GHSA-whf9-3hcx-gq54"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qujt-gddx-ckbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77090?format=json","vulnerability_id":"VCID-qwws-3gm7-ubfu","summary":"OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32971","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32971"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32971","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32971"},{"reference_url":"https://github.com/advisories/GHSA-rw39-5899-8mxp","reference_id":"GHSA-rw39-5899-8mxp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rw39-5899-8mxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp","reference_id":"GHSA-rw39-5899-8mxp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T14:57:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands","reference_id":"openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T14:57:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32971","GHSA-rw39-5899-8mxp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwws-3gm7-ubfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360197?format=json","vulnerability_id":"VCID-qx6n-dk9c-8yd3","summary":"OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n**Title**  \nMutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement\n\n**CWE**  \nCWE-862 Missing Authorization\n\n**CVSS v3.1**  \nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N  \nBase score: **6.5 (Medium)**\n\n**Severity Assessment**  \nMedium. This is a real authorization flaw in OpenClaw’s internal control plane. The issue does not require host access, trusted local state tampering, or multi-tenant assumptions, but exploitation does require an already authenticated internal Gateway caller with `operator.write`.\n\n**Impact**  \nAn authenticated internal Gateway caller limited to `operator.write` can perform state-changing `/allowlist` actions without `operator.admin`, even though comparable mutating internal chat commands already require `operator.admin`. The reachable effects are persistent changes to config-backed `allowFrom` entries and pairing-store-backed allowlist entries.\n\nThis is not a semantic-modeling complaint and not a generic “trusted operator can do things” claim. It is a missing authorization check inside OpenClaw’s own internal scope model, where peer mutating command surfaces already distinguish `operator.write` from `operator.admin`.\n\n**Affected Component**  \nVerified against the latest published GitHub release tag `v2026.3.23` (`ccfeecb6887cd97937e33a71877ad512741e82b2`), published `2026-03-23T23:15:50Z`.\n\nExact vulnerable path on the shipped tag:\n- `src/auto-reply/reply/commands-allowlist.ts:251-254`\n  - `/allowlist` authorization uses only `rejectUnauthorizedCommand(...)`.\n- `src/auto-reply/reply/commands-allowlist.ts:386-524`\n  - mutating config and pairing-store writes happen here, but there is no `requireGatewayClientScopeForInternalChannel(..., operator.admin, ...)`.\n\nReachability and scope model:\n- `src/gateway/method-scopes.ts:94-109`\n  - `chat.send` is a write-scoped method.\n- `src/gateway/server.chat.gateway-server-chat.test.ts:539-559`\n  - existing runtime coverage proves `chat.send` routes slash commands without an agent run.\n- `src/auto-reply/command-auth.ts:574-577`\n  - internal callers become `senderIsOwner` only when `GatewayClientScopes` includes `operator.admin`.\n\nComparable internal mutating command paths already enforce `operator.admin`:\n- `src/auto-reply/reply/commands-config.ts:64-73`\n- `src/auto-reply/reply/commands-mcp.ts:89-96`\n- `src/auto-reply/reply/commands-plugins.ts:387-394`\n- `src/auto-reply/reply/commands-acp.ts:98-106`\n\nVersion history:\n- Introduced by commit `555b2578a8cc6e1b93f717496935ead97bfbed8b` (`feat: add /allowlist command`)\n- Earliest released affected tag found: `v2026.1.20`\n- Latest released affected tag verified: `v2026.3.23`\n\n**Technical Reproduction**  \n1. Check out the shipped release tag `v2026.3.23`.\n2. Use an internal command context with:\n   - `Provider = \"webchat\"`\n   - `Surface = \"webchat\"`\n   - `GatewayClientScopes = [\"operator.write\"]`\n   - `params.command.channel = \"webchat\"`\n3. Route a slash command through `chat.send`.\n4. Execute either of these mutating commands:\n   - `/allowlist add dm channel=telegram 789`\n   - `/allowlist add dm --store channel=telegram 789`\n5. Confirm the command context is authorized but not owner-equivalent:\n   - `isAuthorizedSender === true`\n   - `senderIsOwner === false`\n6. Observe that the commands still succeed and perform persistent writes.\n\n**Demonstrated Impact**  \nThe vulnerable handler performs real state mutation for a low-scope internal caller:\n- Config-backed mutation path:\n  - `src/auto-reply/reply/commands-allowlist.ts:398-503`\n  - reads the config snapshot, applies the edit, validates, and writes the updated config to disk.\n- Store-backed mutation path:\n  - `src/auto-reply/reply/commands-allowlist.ts:479-485`\n  - `src/auto-reply/reply/commands-allowlist.ts:513-518`\n  - updates the pairing-store allowlist without any admin-scope gate.\n\nThe result is successful persistence, not just a misleading success message.\n\n**Environment**  \n- Product: OpenClaw\n- Verified shipped tag: `v2026.3.23`\n- Shipped tag commit: `ccfeecb6887cd97937e33a71877ad512741e82b2`\n- Published GitHub release time: `2026-03-23T23:15:50Z`\n- Verification date: `2026-03-24`\n\n**Duplicate Check**  \nThis is not a duplicate of:\n- `GHSA-pjvx-rx66-r3fg`\n  - that advisory covered cross-account scoping in `/allowlist ... --store`, not missing internal `operator.admin` enforcement.\n- `GHSA-hfpr-jhpq-x4rm`\n  - that advisory covered `/config` writes through `chat.send`, not `/allowlist`.\n- `GHSA-3w6x-gv34-mqpf`\n  - same authorization class, but different command path (`/acp`, not `/allowlist`).\n\n**In Scope Check**  \nThis report is in scope under `SECURITY.md` because:\n- it does **not** rely on adversarial operators sharing one gateway host or config;\n- it does **not** target the HTTP compatibility endpoints that `SECURITY.md` explicitly treats as full operator-access surfaces;\n- it demonstrates a real authorization mismatch inside OpenClaw’s own internal control-plane scope model (`operator.write` vs `operator.admin`);\n- peer mutating internal chat commands already enforce `operator.admin`, so this is not a request for a new boundary but a missing check on an existing one.\n\nThis is therefore a concrete authorization bug, not a trusted-operator hardening suggestion.\n\n**Remediation Advice**  \n1. Add `requireGatewayClientScopeForInternalChannel(..., allowedScopes: [\"operator.admin\"], ...)` to the mutating internal `/allowlist` paths.\n2. Add regression coverage for both mutation modes:\n   - internal `operator.write` must be rejected;\n   - internal `operator.admin` must be allowed.\n3. Cover both config-backed and store-backed writes.\n4. Audit other mutating internal chat-command paths for the same missing-scope pattern.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-vqvg-86cc-cg83","reference_id":"GHSA-vqvg-86cc-cg83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqvg-86cc-cg83"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83","reference_id":"GHSA-vqvg-86cc-cg83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["GHSA-vqvg-86cc-cg83"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qx6n-dk9c-8yd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77251?format=json","vulnerability_id":"VCID-qysu-d14g-j7hh","summary":"OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32057","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26243","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32057"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32057","reference_id":"CVE-2026-32057","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32057"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ec45c317f5d0631a3d333b236da58c4749ede2a3","reference_id":"ec45c317f5d0631a3d333b236da58c4749ede2a3","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:46:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ec45c317f5d0631a3d333b236da58c4749ede2a3"},{"reference_url":"https://github.com/advisories/GHSA-vvgp-4c28-m3jm","reference_id":"GHSA-vvgp-4c28-m3jm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvgp-4c28-m3jm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm","reference_id":"GHSA-vvgp-4c28-m3jm","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:46:28Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-control-ui-client-id-parameter","reference_id":"openclaw-authentication-bypass-via-control-ui-client-id-parameter","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:46:28Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-control-ui-client-id-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32057","GHSA-vvgp-4c28-m3jm"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qysu-d14g-j7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67822?format=json","vulnerability_id":"VCID-r75w-jwbm-dyew","summary":"OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04755","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_id":"f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7"},{"reference_url":"https://github.com/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_id":"openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44999","GHSA-57r2-h2wj-g887"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r75w-jwbm-dyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360089?format=json","vulnerability_id":"VCID-r9at-m759-wua3","summary":"Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32050","reference_id":"CVE-2026-32050","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32050"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446","reference_id":"GHSA-792q-qw95-f446","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446"},{"reference_url":"https://github.com/advisories/GHSA-86jj-29wc-7q2w","reference_id":"GHSA-86jj-29wc-7q2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86jj-29wc-7q2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-86jj-29wc-7q2w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9at-m759-wua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360072?format=json","vulnerability_id":"VCID-rc3c-ycw2-nbcu","summary":"OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths\n## Summary\nTrusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `ccf16cd8892402022439346ae1d23352e3707e9e`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/server/ws-connection/message-handler.ts now strips unbound self-declared scopes on the trusted-proxy no-device path.\n- src/gateway/server/ws-connection/connect-policy.ts remains the allow path, but the shipped scope scrub prevents privilege retention without device identity.\n\nOpenClaw thanks @nexrin for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-48vw-m3qc-wr99","reference_id":"GHSA-48vw-m3qc-wr99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48vw-m3qc-wr99"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99","reference_id":"GHSA-48vw-m3qc-wr99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-48vw-m3qc-wr99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc3c-ycw2-nbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359255?format=json","vulnerability_id":"VCID-rffw-fgxm-1ue9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41398","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00686","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41398"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/49d08382a90f71dabe2877b3f6729ad85f808d57","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/49d08382a90f71dabe2877b3f6729ad85f808d57"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4p4f-fc8q-84m3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4p4f-fc8q-84m3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41398","reference_id":"CVE-2026-41398","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41398"},{"reference_url":"https://github.com/advisories/GHSA-4p4f-fc8q-84m3","reference_id":"GHSA-4p4f-fc8q-84m3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4f-fc8q-84m3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41398","GHSA-4p4f-fc8q-84m3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rffw-fgxm-1ue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70144?format=json","vulnerability_id":"VCID-rm55-3hs1-23b4","summary":"OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42432","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08083","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42432"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42432","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42432"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:17:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-5wj5-87vq-39xm","reference_id":"GHSA-5wj5-87vq-39xm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wj5-87vq-39xm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5wj5-87vq-39xm","reference_id":"GHSA-5wj5-87vq-39xm","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:17:47Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5wj5-87vq-39xm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-command-escalation-via-node-pairing-reconnect-bypass","reference_id":"openclaw-command-escalation-via-node-pairing-reconnect-bypass","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:17:47Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-command-escalation-via-node-pairing-reconnect-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42432","GHSA-5wj5-87vq-39xm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm55-3hs1-23b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360076?format=json","vulnerability_id":"VCID-rnd8-vrah-d7fs","summary":"OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE\n## Summary\nIn affected versions of `openclaw`, a caller holding only `operator.pairing` could use `device.token.rotate` to mint a new token with broader scopes for an already paired device. If the target device was approved for `operator.admin`, the attacker could obtain an administrative token without already holding administrative scope.\n\n## Impact\nThis is a critical authorization flaw. On deployments with connected node hosts or companion apps that expose `system.run`, the escalated token could then modify node execution approvals and reach real remote code execution on the node. Even without nodes, the flaw still granted unauthorized gateway-admin access.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.8`\n- Fixed in: `2026.3.11`\n\n## Technical Details\n`device.token.rotate` accepted caller-supplied target scopes and validated them against the target device's approved scopes, but it did not constrain the newly minted scopes to the caller's own current scope set. That allowed a pairing-scoped caller to mint a broader token for an already paired administrative device.\n\n## Fix\nOpenClaw now enforces caller-scope subsetting in `device.token.rotate`, preventing callers from minting device tokens broader than the scopes they already hold. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-4jpw-hj22-2xmc","reference_id":"GHSA-4jpw-hj22-2xmc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jpw-hj22-2xmc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc","reference_id":"GHSA-4jpw-hj22-2xmc","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-4jpw-hj22-2xmc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnd8-vrah-d7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65517?format=json","vulnerability_id":"VCID-rr2j-c7md-57gj","summary":"OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more privileged sender's context, causing earlier messages to execute with elevated permissions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43535","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43535"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66024","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43535","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43535"},{"reference_url":"https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69","reference_id":"43d4be902755c970b3d15608679761877718da69","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69"},{"reference_url":"https://github.com/advisories/GHSA-jwrq-8g5x-5fhm","reference_id":"GHSA-jwrq-8g5x-5fhm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwrq-8g5x-5fhm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm","reference_id":"GHSA-jwrq-8g5x-5fhm","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches","reference_id":"openclaw-authorization-context-reuse-in-collect-mode-queue-batches","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373341?format=json","purl":"pkg:npm/openclaw@2026.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"}],"aliases":["CVE-2026-43535","GHSA-jwrq-8g5x-5fhm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2j-c7md-57gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71734?format=json","vulnerability_id":"VCID-s45u-hr8t-gffq","summary":"OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35617","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20304","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35617"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35617","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35617"},{"reference_url":"https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff","reference_id":"11ea1f67863d88b6cbcb229dd368a45e07094bff","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff"},{"reference_url":"https://github.com/advisories/GHSA-52q4-3xjc-6778","reference_id":"GHSA-52q4-3xjc-6778","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52q4-3xjc-6778"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778","reference_id":"GHSA-52q4-3xjc-6778","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname","reference_id":"openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35617","GHSA-52q4-3xjc-6778"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s45u-hr8t-gffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71558?format=json","vulnerability_id":"VCID-sb3c-wxqd-akg3","summary":"OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35660","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16507","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35660"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0","reference_id":"50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"}],"url":"https://github.com/openclaw/openclaw/commit/50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35660","reference_id":"CVE-2026-35660","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35660"},{"reference_url":"https://github.com/advisories/GHSA-wq58-2pvg-5h4f","reference_id":"GHSA-wq58-2pvg-5h4f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq58-2pvg-5h4f"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wq58-2pvg-5h4f","reference_id":"GHSA-wq58-2pvg-5h4f","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wq58-2pvg-5h4f"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-gateway-agent-session-reset","reference_id":"openclaw-insufficient-access-control-in-gateway-agent-session-reset","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-gateway-agent-session-reset"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373851?format=json","purl":"pkg:npm/openclaw@2026.3.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"}],"aliases":["CVE-2026-35660","GHSA-wq58-2pvg-5h4f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb3c-wxqd-akg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360458?format=json","vulnerability_id":"VCID-sbxm-vwhw-9fhd","summary":"OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nExec allowlist analysis rejects shell expansion in unquoted heredocs\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-x3h8-jrgh-p8jx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbxm-vwhw-9fhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360102?format=json","vulnerability_id":"VCID-skbd-d6ks-uqe4","summary":"Duplicate Advisory: OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-g7cr-9h7q-4qxq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34506"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq","reference_id":"GHSA-g7cr-9h7q-4qxq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq"},{"reference_url":"https://github.com/advisories/GHSA-xg59-f45v-9r9j","reference_id":"GHSA-xg59-f45v-9r9j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg59-f45v-9r9j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["GHSA-xg59-f45v-9r9j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skbd-d6ks-uqe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81036?format=json","vulnerability_id":"VCID-sqr6-smfg-uqdy","summary":"OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41298","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41298"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41298","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41298"},{"reference_url":"https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb","reference_id":"54a0878517167c6e49900498cf77420dadb74beb","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"}],"url":"https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb"},{"reference_url":"https://github.com/advisories/GHSA-5hff-46vh-rxmw","reference_id":"GHSA-5hff-46vh-rxmw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hff-46vh-rxmw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw","reference_id":"GHSA-5hff-46vh-rxmw","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint","reference_id":"openclaw-authorization-bypass-in-session-termination-endpoint","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41298","GHSA-5hff-46vh-rxmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr6-smfg-uqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81126?format=json","vulnerability_id":"VCID-sqxg-9akn-j7az","summary":"OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handling for shared secrets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41407","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12872","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41407"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41407","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41407"},{"reference_url":"https://github.com/openclaw/openclaw/commit/be10ecef770a4654519869c3641bbb91087c8c7b","reference_id":"be10ecef770a4654519869c3641bbb91087c8c7b","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"}],"url":"https://github.com/openclaw/openclaw/commit/be10ecef770a4654519869c3641bbb91087c8c7b"},{"reference_url":"https://github.com/advisories/GHSA-jj6q-rrrf-h66h","reference_id":"GHSA-jj6q-rrrf-h66h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jj6q-rrrf-h66h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jj6q-rrrf-h66h","reference_id":"GHSA-jj6q-rrrf-h66h","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jj6q-rrrf-h66h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-timing-side-channel-in-shared-secret-comparison","reference_id":"openclaw-timing-side-channel-in-shared-secret-comparison","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-timing-side-channel-in-shared-secret-comparison"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41407","GHSA-jj6q-rrrf-h66h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqxg-9akn-j7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71696?format=json","vulnerability_id":"VCID-svyq-6gm7-efez","summary":"OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35646","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35646"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35646","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35646"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c","reference_id":"0b4d07337467f4d40a0cc1ced83d45ceaec0863c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c"},{"reference_url":"https://github.com/advisories/GHSA-mf5g-6r6f-ghhm","reference_id":"GHSA-mf5g-6r6f-ghhm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf5g-6r6f-ghhm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm","reference_id":"GHSA-mf5g-6r6f-ghhm","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation","reference_id":"openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35646","GHSA-mf5g-6r6f-ghhm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svyq-6gm7-efez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80833?format=json","vulnerability_id":"VCID-t14t-27xx-83g3","summary":"OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41358","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04394","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41358"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41358","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41358"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ac5bc4fb37becc64a2ec314864cca1565e921f2d","reference_id":"ac5bc4fb37becc64a2ec314864cca1565e921f2d","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ac5bc4fb37becc64a2ec314864cca1565e921f2d"},{"reference_url":"https://github.com/advisories/GHSA-qm77-8qjp-4vcm","reference_id":"GHSA-qm77-8qjp-4vcm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm77-8qjp-4vcm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm77-8qjp-4vcm","reference_id":"GHSA-qm77-8qjp-4vcm","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm77-8qjp-4vcm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-slack-thread-context","reference_id":"openclaw-sender-allowlist-bypass-via-slack-thread-context","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-slack-thread-context"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41358","GHSA-qm77-8qjp-4vcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t14t-27xx-83g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80650?format=json","vulnerability_id":"VCID-t2b3-n8xb-k3fn","summary":"OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose browser state.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41372","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1326","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41372"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41372","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41372"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9c22d636697336a6b22b0ae24798d8b8325d7828","reference_id":"9c22d636697336a6b22b0ae24798d8b8325d7828","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/9c22d636697336a6b22b0ae24798d8b8325d7828"},{"reference_url":"https://github.com/advisories/GHSA-fh32-73r9-rgh5","reference_id":"GHSA-fh32-73r9-rgh5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh32-73r9-rgh5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fh32-73r9-rgh5","reference_id":"GHSA-fh32-73r9-rgh5","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fh32-73r9-rgh5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-loopback-protection-bypass-via-trailing-dot-localhost-in-cdp-discovery","reference_id":"openclaw-loopback-protection-bypass-via-trailing-dot-localhost-in-cdp-discovery","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-loopback-protection-bypass-via-trailing-dot-localhost-in-cdp-discovery"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41372","GHSA-fh32-73r9-rgh5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2b3-n8xb-k3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359759?format=json","vulnerability_id":"VCID-t7nn-6cy7-2yak","summary":"OpenClaw: Webchat audio embedding could read local files without local-root containment\n## Impact\n\nOpenClaw deployments before `2026.4.15` could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths.\n\nIf an attacker could influence an agent or tool-produced `ReplyPayload.mediaUrl`, the webchat audio embedding helper could resolve an absolute local path or `file:` URL, read an audio-like file under the size cap, and base64-encode it into the webchat media response. This crossed the model/tool-output boundary into a host file read. Prompt injection or malicious tool output is a delivery mechanism; the security boundary failure is the missing local-root containment check.\n\nThe impact is narrow: the file had to be readable by the gateway process, have an audio-like extension, and fit within the webchat audio size cap. The issue exposed contents into the webchat assistant/media transcript path; it was not a general remote filesystem API.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.14`\n- Patched version: `2026.4.15`\n\nThe latest public release, `2026.4.21`, also contains the fix.\n\n## Patches\n\nThe public fix threads the applicable local media roots into the webchat audio embedding path and calls `assertLocalMediaAllowed` before local audio content is read. Current `main` also includes an additional `trustedLocalMedia` gate so untrusted model/tool payloads cannot opt into local audio embedding.\n\nFix commit:\n\n- `6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde`\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.15` or later. The latest public release, `2026.4.21`, is fixed. Before upgrading, avoid exposing webchat sessions to untrusted prompt/tool content that can influence reply media URLs.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-gfg9-5357-hv4c","reference_id":"GHSA-gfg9-5357-hv4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfg9-5357-hv4c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c","reference_id":"GHSA-gfg9-5357-hv4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["GHSA-gfg9-5357-hv4c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7nn-6cy7-2yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71644?format=json","vulnerability_id":"VCID-t8uj-crn4-4qej","summary":"OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35635","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13335","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35635"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35635","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35635"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b","reference_id":"980940aa58f862da4e19372597bbc2a9f268d70b","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"}],"url":"https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b"},{"reference_url":"https://github.com/advisories/GHSA-rqp8-q22p-5j9q","reference_id":"GHSA-rqp8-q22p-5j9q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqp8-q22p-5j9q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q","reference_id":"GHSA-rqp8-q22p-5j9q","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat","reference_id":"openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35635","GHSA-rqp8-q22p-5j9q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8uj-crn4-4qej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359830?format=json","vulnerability_id":"VCID-tegh-qc36-ufha","summary":"OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a restrictive policy, such as a tool profile, explicit allow/deny list, owner-only tool restriction, sandbox tool policy, or subagent tool policy, a bundled MCP/LSP tool could remain available even though the same policy would have denied it.\n\nThe issue required a configured bundled MCP or LSP tool source and an operator policy that should have restricted that tool. This was a local agent policy-enforcement bypass, not an unauthenticated remote gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now applies a final effective tool policy pass to bundled MCP/LSP tools before merging them into the tool set used by normal runs and compaction. The pass covers profile policy, provider profile policy, global/agent/group policies, owner-only filtering, sandbox tool policy, and subagent tool policy.\n\nFix commit:\n\n- `0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-qrp5-gfw2-gxv4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tegh-qc36-ufha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77360?format=json","vulnerability_id":"VCID-tfmw-ee3j-xuax","summary":"OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32970","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06769","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32970"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32970","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32970"},{"reference_url":"https://github.com/advisories/GHSA-qvr7-g57c-mrc7","reference_id":"GHSA-qvr7-g57c-mrc7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvr7-g57c-mrc7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7","reference_id":"GHSA-qvr7-g57c-mrc7","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:45Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs","reference_id":"openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:45Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32970","GHSA-qvr7-g57c-mrc7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfmw-ee3j-xuax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360021?format=json","vulnerability_id":"VCID-tg1c-vs9g-8ya8","summary":"OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement\n## Summary\n\nDiscord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages.\n\n## Impact\n\nUsers could trigger privileged component actions from contexts that should have been blocked by Discord channel policy.\n\n## Affected Component\n\n`extensions/discord/src/monitor/agent-components.ts`\n\n## Fixed Versions\n\n- Affected: `>= 2026.2.14, <= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `511093d4b3` (`Discord: apply component interaction policy gates`).","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/511093d4b37c0831c778fabd25ec3020834983c3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/511093d4b37c0831c778fabd25ec3020834983c3"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"},{"reference_url":"https://github.com/advisories/GHSA-jp4j-q5fc-58gv","reference_id":"GHSA-jp4j-q5fc-58gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp4j-q5fc-58gv"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jp4j-q5fc-58gv","reference_id":"GHSA-jp4j-q5fc-58gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jp4j-q5fc-58gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-jp4j-q5fc-58gv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg1c-vs9g-8ya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359813?format=json","vulnerability_id":"VCID-tgnw-vne2-2kc1","summary":"OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads\n## Summary\n\nBrowser interaction routes could pivot into local CDP and regain file reads.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.9`\n- Patched versions: `>= 2026.4.9`\n\n## Impact\n\nBrowser act/evaluate interactions could trigger navigation into the local CDP origin and then create or read disallowed `file://` pages despite direct navigation guards.\n\n## Technical Details\n\nThe fix re-checks browser URLs after interaction-driven navigations and blocks targets that violate the configured navigation policy.\n\n## Fix\n\nThe issue was fixed in #63226. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `5f5b3d733bdd791cb457f838514179e1288b10b3`\n- PR: #63226\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @tdjackey for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63226","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63226"},{"reference_url":"https://github.com/advisories/GHSA-qmwg-qprg-3j38","reference_id":"GHSA-qmwg-qprg-3j38","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmwg-qprg-3j38"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38","reference_id":"GHSA-qmwg-qprg-3j38","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373416?format=json","purl":"pkg:npm/openclaw@2026.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-bdss-ct5q-cyak"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vbfg-fz5c-9yde"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"}],"aliases":["GHSA-qmwg-qprg-3j38"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgnw-vne2-2kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359852?format=json","vulnerability_id":"VCID-tm7a-1rzn-5yak","summary":"OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade\n## Impact\n\nLower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade.\n\nLower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfmx-pph7-g46x","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfmx-pph7-g46x"},{"reference_url":"https://github.com/advisories/GHSA-gfmx-pph7-g46x","reference_id":"GHSA-gfmx-pph7-g46x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfmx-pph7-g46x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["GHSA-gfmx-pph7-g46x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm7a-1rzn-5yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80975?format=json","vulnerability_id":"VCID-tm94-jwz9-kkd6","summary":"OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41351","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1326","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41351"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41351","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41351"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ad77666054651c1fd77b1dc60fd6a8db6600a29a","reference_id":"ad77666054651c1fd77b1dc60fd6a8db6600a29a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ad77666054651c1fd77b1dc60fd6a8db6600a29a"},{"reference_url":"https://github.com/advisories/GHSA-37v6-fxx8-xjmx","reference_id":"GHSA-37v6-fxx8-xjmx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37v6-fxx8-xjmx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx","reference_id":"GHSA-37v6-fxx8-xjmx","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-detection-bypass-via-base64-signature-re-encoding","reference_id":"openclaw-webhook-replay-detection-bypass-via-base64-signature-re-encoding","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-detection-bypass-via-base64-signature-re-encoding"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41351","GHSA-37v6-fxx8-xjmx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm94-jwz9-kkd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77183?format=json","vulnerability_id":"VCID-ts15-y9qj-13e9","summary":"OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32846","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32846"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32846","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32846"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37","reference_id":"4797bbc5b96e2cca5532e43b58915c051746fe37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37"},{"reference_url":"https://github.com/openclaw/openclaw/pull/54642","reference_id":"54642","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"}],"url":"https://github.com/openclaw/openclaw/pull/54642"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r","reference_id":"GHSA-f6pf-4gjx-c94r","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"},{"reference_url":"https://github.com/advisories/GHSA-hggm-x7r9-mm7v","reference_id":"GHSA-hggm-x7r9-mm7v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hggm-x7r9-mm7v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read","reference_id":"openclaw-media-parsing-path-traversal-to-arbitrary-file-read","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-32846","GHSA-hggm-x7r9-mm7v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ts15-y9qj-13e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359245?format=json","vulnerability_id":"VCID-ttg2-j7x3-m7de","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41342","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02886","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41342"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d6affb17d85f5f5ab08ef9f2b994b257af12e75a","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/d6affb17d85f5f5ab08ef9f2b994b257af12e75a"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41342","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41342"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding"},{"reference_url":"https://github.com/advisories/GHSA-3cw3-5vxw-g2h3","reference_id":"GHSA-3cw3-5vxw-g2h3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cw3-5vxw-g2h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41342","GHSA-3cw3-5vxw-g2h3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttg2-j7x3-m7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81008?format=json","vulnerability_id":"VCID-tyz3-w2hm-gqg7","summary":"OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41393","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00687","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41393"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a23c33a681f8c1b22dc793995acc4c5c4b568346","reference_id":"a23c33a681f8c1b22dc793995acc4c5c4b568346","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a23c33a681f8c1b22dc793995acc4c5c4b568346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41393","reference_id":"CVE-2026-41393","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41393"},{"reference_url":"https://github.com/advisories/GHSA-q9w8-cf67-r238","reference_id":"GHSA-q9w8-cf67-r238","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9w8-cf67-r238"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q9w8-cf67-r238","reference_id":"GHSA-q9w8-cf67-r238","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q9w8-cf67-r238"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery","reference_id":"openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41393","GHSA-q9w8-cf67-r238"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyz3-w2hm-gqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71281?format=json","vulnerability_id":"VCID-ua3s-nu49-r3c3","summary":"OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31991","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13983","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31991"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/64de4b6d6ae81e269ceb4ca16f53cda99ced967a","reference_id":"64de4b6d6ae81e269ceb4ca16f53cda99ced967a","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:14:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/64de4b6d6ae81e269ceb4ca16f53cda99ced967a"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0","reference_id":"8bdda7a651c21e98faccdbbd73081e79cffe8be0","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:14:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31991","reference_id":"CVE-2026-31991","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31991"},{"reference_url":"https://github.com/advisories/GHSA-wm8r-w8pf-2v6w","reference_id":"GHSA-wm8r-w8pf-2v6w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wm8r-w8pf-2v6w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w","reference_id":"GHSA-wm8r-w8pf-2v6w","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:14:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist","reference_id":"openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:14:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-31991","GHSA-wm8r-w8pf-2v6w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ua3s-nu49-r3c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360090?format=json","vulnerability_id":"VCID-uass-9jcc-x3f5","summary":"Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32054","reference_id":"CVE-2026-32054","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32054"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r","reference_id":"GHSA-36h3-7c54-j27r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r"},{"reference_url":"https://github.com/advisories/GHSA-ffr4-mrhv-vfr2","reference_id":"GHSA-ffr4-mrhv-vfr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffr4-mrhv-vfr2"}],"fixed_packages":[],"aliases":["GHSA-ffr4-mrhv-vfr2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uass-9jcc-x3f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71693?format=json","vulnerability_id":"VCID-ub5p-bp37-hff5","summary":"OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal command-authorized context and persist channel allowFrom and groupAllowFrom policy changes reserved for operator.admin scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35621","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11629","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35621"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35621","reference_id":"CVE-2026-35621","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35621"},{"reference_url":"https://github.com/advisories/GHSA-94pw-c6m8-p9p9","reference_id":"GHSA-94pw-c6m8-p9p9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-94pw-c6m8-p9p9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-94pw-c6m8-p9p9","reference_id":"GHSA-94pw-c6m8-p9p9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:07Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-94pw-c6m8-p9p9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence","reference_id":"openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:07Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35621","GHSA-94pw-c6m8-p9p9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub5p-bp37-hff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360016?format=json","vulnerability_id":"VCID-umc5-sf9t-p7h6","summary":"Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32971","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32971"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp","reference_id":"GHSA-rw39-5899-8mxp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp"},{"reference_url":"https://github.com/advisories/GHSA-w8rf-7qf8-65ww","reference_id":"GHSA-w8rf-7qf8-65ww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8rf-7qf8-65ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-w8rf-7qf8-65ww"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umc5-sf9t-p7h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360006?format=json","vulnerability_id":"VCID-unkk-dpkx-mkhk","summary":"Duplicate Advisory: OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-v8cg-4474-49v8. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted senders through message_changed, message_deleted, and thread_broadcast events.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32895","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32895"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cg-4474-49v8","reference_id":"GHSA-v8cg-4474-49v8","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cg-4474-49v8"},{"reference_url":"https://github.com/advisories/GHSA-xgwg-m42c-8q62","reference_id":"GHSA-xgwg-m42c-8q62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgwg-m42c-8q62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-xgwg-m42c-8q62"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unkk-dpkx-mkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83258?format=json","vulnerability_id":"VCID-utnp-5swq-4qan","summary":"OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22180","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22180"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/104d32bb64cdf19d5e77f70553a511a2ae90ad1c","reference_id":"104d32bb64cdf19d5e77f70553a511a2ae90ad1c","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:04:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/104d32bb64cdf19d5e77f70553a511a2ae90ad1c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22180","reference_id":"CVE-2026-22180","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22180"},{"reference_url":"https://github.com/advisories/GHSA-3pxq-f3cp-jmxp","reference_id":"GHSA-3pxq-f3cp-jmxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pxq-f3cp-jmxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3pxq-f3cp-jmxp","reference_id":"GHSA-3pxq-f3cp-jmxp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:04:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3pxq-f3cp-jmxp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-confinement-bypass-in-browser-output-and-file-write-operations","reference_id":"openclaw-path-confinement-bypass-in-browser-output-and-file-write-operations","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:04:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-path-confinement-bypass-in-browser-output-and-file-write-operations"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["CVE-2026-22180","GHSA-3pxq-f3cp-jmxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utnp-5swq-4qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359812?format=json","vulnerability_id":"VCID-uxkz-gf1t-kua1","summary":"Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35629","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35629"},{"reference_url":"https://github.com/advisories/GHSA-8j7f-g9gv-7jhc","reference_id":"GHSA-8j7f-g9gv-7jhc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j7f-g9gv-7jhc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h","reference_id":"GHSA-rhfg-j8jq-7v2h","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["GHSA-8j7f-g9gv-7jhc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxkz-gf1t-kua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71517?format=json","vulnerability_id":"VCID-uztv-hr8t-dyeu","summary":"OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35633","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35633"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35633","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35633"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438","reference_id":"81445a901091a5d27ef0b56fceedbe4724566438","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438"},{"reference_url":"https://github.com/advisories/GHSA-4qwc-c7g9-4xcw","reference_id":"GHSA-4qwc-c7g9-4xcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qwc-c7g9-4xcw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw","reference_id":"GHSA-4qwc-c7g9-4xcw","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses","reference_id":"openclaw-unbounded-memory-allocation-via-remote-media-error-responses","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35633","GHSA-4qwc-c7g9-4xcw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uztv-hr8t-dyeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359868?format=json","vulnerability_id":"VCID-v3g3-zvr2-3khy","summary":"OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets\n## Summary\n\nBefore OpenClaw 2026.3.31, the Zalo webhook replay-dedupe cache was shared across authenticated webhook targets and keyed too broadly. In multi-account deployments, a replay seen on one account could suppress a legitimate event on another account if `event_name` and `message_id` matched.\n\n## Impact\n\nAn attacker who controlled one authenticated Zalo webhook path in a multi-account gateway deployment could cause silent message suppression on a different Zalo account sharing that gateway. This was an availability issue; it did not provide cross-account authentication or data access.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `>= 2026.2.19, < 2026.3.31`\n- Patched versions: `>= 2026.3.31`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `4d038bb242c11f39e45f6a4bde400e5fd42e4ebf` — scope webhook replay dedupe per target\n- `7cea7c29705b188b464cc9cdc107c275b94b2a72` — follow-up hardening to scope replay dedupe by path and account\n\n## Release Process Note\n\nThe initial fix shipped in OpenClaw `2026.3.31` on March 31, 2026. The current published npm release `2026.4.1` from April 1, 2026 also contains follow-up hardening for the same surface.\n\nThanks @nexrin for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-fqrj-m88p-qf3v","reference_id":"GHSA-fqrj-m88p-qf3v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqrj-m88p-qf3v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqrj-m88p-qf3v","reference_id":"GHSA-fqrj-m88p-qf3v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqrj-m88p-qf3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-fqrj-m88p-qf3v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3g3-zvr2-3khy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65465?format=json","vulnerability_id":"VCID-v3u2-k16m-9kdp","summary":"OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43528","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26196","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43528"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66030","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66030"},{"reference_url":"https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4","reference_id":"86734ef93a2f25063371b04f1946eb300548acd4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"}],"url":"https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43528","reference_id":"CVE-2026-43528","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43528"},{"reference_url":"https://github.com/advisories/GHSA-8372-7vhw-cm6q","reference_id":"GHSA-8372-7vhw-cm6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8372-7vhw-cm6q"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q","reference_id":"GHSA-8372-7vhw-cm6q","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases","reference_id":"openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373341?format=json","purl":"pkg:npm/openclaw@2026.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"}],"aliases":["CVE-2026-43528","GHSA-8372-7vhw-cm6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3u2-k16m-9kdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359841?format=json","vulnerability_id":"VCID-v6e8-g5w8-k3ax","summary":"OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBrowser profile creation normalized `cdpUrl` values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.\n\nDefault trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.\n\n## Fix\n\nOpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.\n\nFix commits:\n\n- `1fd049e3074cac72f6734a7fe88468c84f5f8bd7`\n- `e90c89cf8b1459f2aa1f3a665be67392b6c03fdf`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-j4c5-89f5-f3pm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6e8-g5w8-k3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360167?format=json","vulnerability_id":"VCID-vce7-4bp4-k3bq","summary":"Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-vqx8-9xxw-f2m7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32053","reference_id":"CVE-2026-32053","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32053"},{"reference_url":"https://github.com/advisories/GHSA-3r78-rqg8-95gg","reference_id":"GHSA-3r78-rqg8-95gg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3r78-rqg8-95gg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7","reference_id":"GHSA-vqx8-9xxw-f2m7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7"}],"fixed_packages":[],"aliases":["GHSA-3r78-rqg8-95gg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vce7-4bp4-k3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212726?format=json","vulnerability_id":"VCID-vcyc-ydxy-9bbh","summary":"OpenClaw has a IPv6 multicast SSRF classifier bypass","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/baf656bc6fd7f83b6033e6dbc2548ec75028641f","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/baf656bc6fd7f83b6033e6dbc2548ec75028641f"},{"reference_url":"https://github.com/advisories/GHSA-h97f-6pqj-q452","reference_id":"GHSA-h97f-6pqj-q452","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h97f-6pqj-q452"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h97f-6pqj-q452","reference_id":"GHSA-h97f-6pqj-q452","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h97f-6pqj-q452"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-h97f-6pqj-q452"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcyc-ydxy-9bbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71637?format=json","vulnerability_id":"VCID-vh9v-4d1k-5ygk","summary":"OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35669","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35669"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35669","reference_id":"CVE-2026-35669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35669"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe","reference_id":"ec2dbcff9afd8a52e00de054b506c91726d9fbbe","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe"},{"reference_url":"https://github.com/advisories/GHSA-qm2m-28pf-hgjw","reference_id":"GHSA-qm2m-28pf-hgjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm2m-28pf-hgjw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw","reference_id":"GHSA-qm2m-28pf-hgjw","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope","reference_id":"openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope"}],"fixed_packages":[],"aliases":["CVE-2026-35669","GHSA-qm2m-28pf-hgjw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vh9v-4d1k-5ygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359250?format=json","vulnerability_id":"VCID-vpee-kdhr-xuf3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41373","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02454","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41373"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e277a37f896b5011a1df06e6490c6630074d0afa","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/e277a37f896b5011a1df06e6490c6630074d0afa"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g8xp-qx39-9jq9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g8xp-qx39-9jq9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41373","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41373"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-compiler-binary-substitution-via-environment-variable-override-in-host-execution-policy","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-compiler-binary-substitution-via-environment-variable-override-in-host-execution-policy"},{"reference_url":"https://github.com/advisories/GHSA-g8xp-qx39-9jq9","reference_id":"GHSA-g8xp-qx39-9jq9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8xp-qx39-9jq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41373","GHSA-g8xp-qx39-9jq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpee-kdhr-xuf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359252?format=json","vulnerability_id":"VCID-vrd4-ue7s-queb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41379","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08342","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41379"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41379","reference_id":"CVE-2026-41379","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41379"},{"reference_url":"https://github.com/advisories/GHSA-3q42-xmxv-9vfr","reference_id":"GHSA-3q42-xmxv-9vfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3q42-xmxv-9vfr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41379","GHSA-3q42-xmxv-9vfr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrd4-ue7s-queb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360111?format=json","vulnerability_id":"VCID-vwzy-r5v5-mfbk","summary":"Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j]. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32899","reference_id":"CVE-2026-32899","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32899"},{"reference_url":"https://github.com/advisories/GHSA-g839-vp47-wgh8","reference_id":"GHSA-g839-vp47-wgh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g839-vp47-wgh8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j","reference_id":"GHSA-rm2p-j3r7-4x4j","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/955420?format=json","purl":"pkg:npm/openclaw@2026.2.25-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25-beta.1"}],"aliases":["GHSA-g839-vp47-wgh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwzy-r5v5-mfbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212702?format=json","vulnerability_id":"VCID-vz6e-zxhj-8fa7","summary":"OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e56b0cf1a04f992ac6ebc775899f48ea31687640","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/e56b0cf1a04f992ac6ebc775899f48ea31687640"},{"reference_url":"https://github.com/advisories/GHSA-qj22-xqjr-v83v","reference_id":"GHSA-qj22-xqjr-v83v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj22-xqjr-v83v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qj22-xqjr-v83v","reference_id":"GHSA-qj22-xqjr-v83v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qj22-xqjr-v83v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["GHSA-qj22-xqjr-v83v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz6e-zxhj-8fa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71725?format=json","vulnerability_id":"VCID-w49b-cbcg-abat","summary":"OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the browser.request surface to stop the running browser, close Playwright connections, and move profile directories to Trash, crossing intended privilege boundaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35653","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17389","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35653"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4dcc39c25c6cc63fedfd004f52d173716576fcf0","reference_id":"4dcc39c25c6cc63fedfd004f52d173716576fcf0","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/4dcc39c25c6cc63fedfd004f52d173716576fcf0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35653","reference_id":"CVE-2026-35653","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35653"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e7d11f6c33e223a0dd8a21cfe01076bd76cef87a","reference_id":"e7d11f6c33e223a0dd8a21cfe01076bd76cef87a","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e7d11f6c33e223a0dd8a21cfe01076bd76cef87a"},{"reference_url":"https://github.com/advisories/GHSA-xp9r-prpg-373r","reference_id":"GHSA-xp9r-prpg-373r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp9r-prpg-373r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xp9r-prpg-373r","reference_id":"GHSA-xp9r-prpg-373r","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xp9r-prpg-373r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request","reference_id":"openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35653","GHSA-xp9r-prpg-373r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w49b-cbcg-abat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77056?format=json","vulnerability_id":"VCID-w816-x4a9-h7fq","summary":"OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending requests with alternative path encodings to access protected plugin channel APIs without proper gateway authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32031","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17475","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32031"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32031","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32031"},{"reference_url":"https://github.com/advisories/GHSA-8j2w-6fmm-m587","reference_id":"GHSA-8j2w-6fmm-m587","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j2w-6fmm-m587"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8j2w-6fmm-m587","reference_id":"GHSA-8j2w-6fmm-m587","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:02:13Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8j2w-6fmm-m587"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-path-canonicalization-mismatch-in-api-channels-gateway","reference_id":"openclaw-authentication-bypass-via-path-canonicalization-mismatch-in-api-channels-gateway","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T18:02:13Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-path-canonicalization-mismatch-in-api-channels-gateway"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32031","GHSA-8j2w-6fmm-m587"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w816-x4a9-h7fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71525?format=json","vulnerability_id":"VCID-wbf3-5k7u-x7ap","summary":"OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation to execute arbitrary code with unintended environment variables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35650","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23906","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35650"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35650","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35650"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232","reference_id":"7abfff756d6c68d17e21d1657bbacbaec86de232","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232"},{"reference_url":"https://github.com/advisories/GHSA-39pp-xp36-q6mg","reference_id":"GHSA-39pp-xp36-q6mg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39pp-xp36-q6mg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg","reference_id":"GHSA-39pp-xp36-q6mg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization","reference_id":"openclaw-environment-variable-override-bypass-via-inconsistent-sanitization","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35650","GHSA-39pp-xp36-q6mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbf3-5k7u-x7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80718?format=json","vulnerability_id":"VCID-wje6-u94m-h3d5","summary":"OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact with external services on behalf of the affected system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41302","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41302"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41302","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41302"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b","reference_id":"8deb9522f3d2680820588b190adb4a2a52f3670b","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b"},{"reference_url":"https://github.com/advisories/GHSA-9q7v-8mr7-g23p","reference_id":"GHSA-9q7v-8mr7-g23p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9q7v-8mr7-g23p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p","reference_id":"GHSA-9q7v-8mr7-g23p","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download","reference_id":"openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41302","GHSA-9q7v-8mr7-g23p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wje6-u94m-h3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80800?format=json","vulnerability_id":"VCID-wks9-hb2x-f7et","summary":"OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to restricted voice channels.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41382","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41382"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41382","reference_id":"CVE-2026-41382","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41382"},{"reference_url":"https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759","reference_id":"dba96e7507e0900f120e5e28e57755d69bf78759","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"}],"url":"https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759"},{"reference_url":"https://github.com/advisories/GHSA-x2m8-53h4-6hch","reference_id":"GHSA-x2m8-53h4-6hch","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2m8-53h4-6hch"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2m8-53h4-6hch","reference_id":"GHSA-x2m8-53h4-6hch","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2m8-53h4-6hch"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps","reference_id":"openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41382","GHSA-x2m8-53h4-6hch"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wks9-hb2x-f7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212717?format=json","vulnerability_id":"VCID-wnuj-9531-h7ac","summary":"OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-77hf-7fqf-f227","reference_id":"GHSA-77hf-7fqf-f227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77hf-7fqf-f227"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227","reference_id":"GHSA-77hf-7fqf-f227","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40136?format=json","purl":"pkg:npm/openclaw@2026.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.2"}],"aliases":["GHSA-77hf-7fqf-f227"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnuj-9531-h7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80825?format=json","vulnerability_id":"VCID-wwx4-qepr-6ue8","summary":"OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41383","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41383"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25","reference_id":"b21c9840c2e38f4bb338d031511b479d5f07ca25","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41383","reference_id":"CVE-2026-41383","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41383"},{"reference_url":"https://github.com/advisories/GHSA-m34q-h93w-vg5x","reference_id":"GHSA-m34q-h93w-vg5x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m34q-h93w-vg5x"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x","reference_id":"GHSA-m34q-h93w-vg5x","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths","reference_id":"openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41383","GHSA-m34q-h93w-vg5x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwx4-qepr-6ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360129?format=json","vulnerability_id":"VCID-wy1e-xtu7-v3ah","summary":"OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement\n## Summary\nMutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `229426a257e49694a59fa4e3895861d02a4d767f`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/auto-reply/reply/commands-acp.ts now requires operator.admin for mutating internal ACP actions.\n- src/auto-reply/reply/commands-acp.test.ts ships regression coverage for non-admin denial and admin success cases.\n\nOpenClaw thanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-3w6x-gv34-mqpf","reference_id":"GHSA-3w6x-gv34-mqpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w6x-gv34-mqpf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf","reference_id":"GHSA-3w6x-gv34-mqpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-3w6x-gv34-mqpf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wy1e-xtu7-v3ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360084?format=json","vulnerability_id":"VCID-wy7x-h8yp-6kcs","summary":"Duplicate Advisory: OpenClaw's system.run approvals did not bind mutable script operands across approval and execution\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-8g75-q649-6pv6. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32921"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6","reference_id":"GHSA-8g75-q649-6pv6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6"},{"reference_url":"https://github.com/advisories/GHSA-wwrj-437c-ppq4","reference_id":"GHSA-wwrj-437c-ppq4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wwrj-437c-ppq4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374860?format=json","purl":"pkg:npm/openclaw@2026.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.8"}],"aliases":["GHSA-wwrj-437c-ppq4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wy7x-h8yp-6kcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360145?format=json","vulnerability_id":"VCID-wz6y-gpz9-sqfp","summary":"Duplicate Advisory: OpenClaw has an improper sandbox configuration vulnerability\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-43x4-g22p-3hrq. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32046","reference_id":"CVE-2026-32046","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32046"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq","reference_id":"GHSA-43x4-g22p-3hrq","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq"},{"reference_url":"https://github.com/advisories/GHSA-q94v-v6m9-jhq9","reference_id":"GHSA-q94v-v6m9-jhq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q94v-v6m9-jhq9"}],"fixed_packages":[],"aliases":["GHSA-q94v-v6m9-jhq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz6y-gpz9-sqfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65521?format=json","vulnerability_id":"VCID-x5a1-bdbv-2fbv","summary":"OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise application behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43531","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09708","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43531"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/62660","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/62660"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43531","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43531"},{"reference_url":"https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c","reference_id":"dbfcef319618158fa40b31cdac386ea34c392c0c","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"}],"url":"https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c"},{"reference_url":"https://github.com/advisories/GHSA-7wv4-cc7p-jhxc","reference_id":"GHSA-7wv4-cc7p-jhxc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7wv4-cc7p-jhxc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc","reference_id":"GHSA-7wv4-cc7p-jhxc","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file","reference_id":"openclaw-environment-variable-injection-via-workspace-env-file","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373416?format=json","purl":"pkg:npm/openclaw@2026.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-bdss-ct5q-cyak"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vbfg-fz5c-9yde"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"}],"aliases":["CVE-2026-43531","GHSA-7wv4-cc7p-jhxc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5a1-bdbv-2fbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360101?format=json","vulnerability_id":"VCID-x66k-fdng-tfan","summary":"Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-mgrq-9f93-wpp5. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32055","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32055"},{"reference_url":"https://github.com/advisories/GHSA-9f79-7pw8-3fj8","reference_id":"GHSA-9f79-7pw8-3fj8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f79-7pw8-3fj8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5","reference_id":"GHSA-mgrq-9f93-wpp5","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mgrq-9f93-wpp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["GHSA-9f79-7pw8-3fj8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x66k-fdng-tfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77087?format=json","vulnerability_id":"VCID-x9wb-z2ae-q7b2","summary":"OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue system-event text into active sessions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32005","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32005"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ce8c67c314b93f570f53c2a9abc124e1e3a54715","reference_id":"ce8c67c314b93f570f53c2a9abc124e1e3a54715","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:11:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/ce8c67c314b93f570f53c2a9abc124e1e3a54715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32005","reference_id":"CVE-2026-32005","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32005"},{"reference_url":"https://github.com/advisories/GHSA-x2ff-j5c2-ggpr","reference_id":"GHSA-x2ff-j5c2-ggpr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2ff-j5c2-ggpr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2ff-j5c2-ggpr","reference_id":"GHSA-x2ff-j5c2-ggpr","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:11:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x2ff-j5c2-ggpr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-interactive-callbacks-via-sender-check-skip","reference_id":"openclaw-authorization-bypass-in-interactive-callbacks-via-sender-check-skip","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:11:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-interactive-callbacks-via-sender-check-skip"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32005","GHSA-x2ff-j5c2-ggpr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9wb-z2ae-q7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360206?format=json","vulnerability_id":"VCID-xbkn-rk3f-33hw","summary":"Duplicate Advisory: OpenClaw's andbox browser noVNC observer lacked VNC authentication\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-25gx-x37c-7pph. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact with the sandbox browser without credentials.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32064","reference_id":"CVE-2026-32064","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32064"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph","reference_id":"GHSA-25gx-x37c-7pph","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph"},{"reference_url":"https://github.com/advisories/GHSA-cxcw-jm67-3wwp","reference_id":"GHSA-cxcw-jm67-3wwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxcw-jm67-3wwp"}],"fixed_packages":[],"aliases":["GHSA-cxcw-jm67-3wwp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkn-rk3f-33hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80690?format=json","vulnerability_id":"VCID-xdcp-b977-e3bm","summary":"OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while bypassing exec allowlist matching restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41392","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07063","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41392"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41392","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41392"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3","reference_id":"0c8375424620e12777ef24c162eedc7e9fcfd7e3","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3"},{"reference_url":"https://github.com/advisories/GHSA-wpc6-37g7-8q4w","reference_id":"GHSA-wpc6-37g7-8q4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpc6-37g7-8q4w"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wpc6-37g7-8q4w","reference_id":"GHSA-wpc6-37g7-8q4w","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wpc6-37g7-8q4w"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-shell-init-file-options","reference_id":"openclaw-exec-allowlist-bypass-via-shell-init-file-options","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-shell-init-file-options"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41392","GHSA-wpc6-37g7-8q4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdcp-b977-e3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212684?format=json","vulnerability_id":"VCID-xdtj-kyur-ffg6","summary":"OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-392f-ggf5-fp3c","reference_id":"GHSA-392f-ggf5-fp3c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-392f-ggf5-fp3c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-392f-ggf5-fp3c","reference_id":"GHSA-392f-ggf5-fp3c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-392f-ggf5-fp3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40062?format=json","purl":"pkg:npm/openclaw@2026.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cb88-xg59-e7dh"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xbsp-wcqs-4bf4"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.1"}],"aliases":["GHSA-392f-ggf5-fp3c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdtj-kyur-ffg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70407?format=json","vulnerability_id":"VCID-xhej-v61s-vkht","summary":"OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42426","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12829","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42426"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42426","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42426"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_id":"d7c3210cd6f5fdfdc1beff4c9541673e814354d5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"},{"reference_url":"https://github.com/advisories/GHSA-67mf-f936-ppxf","reference_id":"GHSA-67mf-f936-ppxf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67mf-f936-ppxf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-67mf-f936-ppxf","reference_id":"GHSA-67mf-f936-ppxf","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-67mf-f936-ppxf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope","reference_id":"openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["CVE-2026-42426","GHSA-67mf-f936-ppxf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhej-v61s-vkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359924?format=json","vulnerability_id":"VCID-xr48-nm9h-fkds","summary":"Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rm59-992w-x2mv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35626","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35626"},{"reference_url":"https://github.com/advisories/GHSA-36cp-mh65-x882","reference_id":"GHSA-36cp-mh65-x882","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36cp-mh65-x882"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv","reference_id":"GHSA-rm59-992w-x2mv","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-36cp-mh65-x882"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xr48-nm9h-fkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80755?format=json","vulnerability_id":"VCID-xsbb-51rw-p7e8","summary":"OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41365","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10415","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41365"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41365","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41365"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9","reference_id":"5cca38084074fb5095aa11b6a59820d63e4937c9","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9"},{"reference_url":"https://github.com/advisories/GHSA-chfm-xgc4-47rj","reference_id":"GHSA-chfm-xgc4-47rj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chfm-xgc4-47rj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj","reference_id":"GHSA-chfm-xgc4-47rj","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history","reference_id":"openclaw-sender-allowlist-bypass-via-graph-api-thread-history","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41365","GHSA-chfm-xgc4-47rj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsbb-51rw-p7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65500?format=json","vulnerability_id":"VCID-xttb-bfmd-uyfh","summary":"OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43580","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11594","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43580"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/62023","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/62023"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63226","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63226"},{"reference_url":"https://github.com/openclaw/openclaw/pull/63889","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/63889"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43580","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43580"},{"reference_url":"https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe","reference_id":"049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3","reference_id":"5f5b3d733bdd791cb457f838514179e1288b10b3","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3"},{"reference_url":"https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894","reference_id":"e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894"},{"reference_url":"https://github.com/advisories/GHSA-536q-mj95-h29h","reference_id":"GHSA-536q-mj95-h29h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-536q-mj95-h29h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h","reference_id":"GHSA-536q-mj95-h29h","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions","reference_id":"openclaw-incomplete-navigation-guard-coverage-in-browser-interactions","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373291?format=json","purl":"pkg:npm/openclaw@2026.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6qbs-72h8-gua4"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9c2u-hch4-8qbj"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cvqa-cn56-kuh1"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"}],"aliases":["CVE-2026-43580","GHSA-536q-mj95-h29h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xttb-bfmd-uyfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80753?format=json","vulnerability_id":"VCID-xv1n-1wbt-8ydw","summary":"OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41337","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11476","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41337"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41337","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41337"},{"reference_url":"https://github.com/openclaw/openclaw/commit/efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b","reference_id":"efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b"},{"reference_url":"https://github.com/advisories/GHSA-89r3-6x4j-v7wf","reference_id":"GHSA-89r3-6x4j-v7wf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89r3-6x4j-v7wf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-89r3-6x4j-v7wf","reference_id":"GHSA-89r3-6x4j-v7wf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-89r3-6x4j-v7wf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-callback-origin-mutation-in-plivo-voice-call-replay","reference_id":"openclaw-callback-origin-mutation-in-plivo-voice-call-replay","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-callback-origin-mutation-in-plivo-voice-call-replay"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41337","GHSA-89r3-6x4j-v7wf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xv1n-1wbt-8ydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71542?format=json","vulnerability_id":"VCID-xw16-zng9-bug2","summary":"OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35629","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14522","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35629"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35629","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35629"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf","reference_id":"f92c92515bd439a71bd03eb1bc969c1964f17acf","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf"},{"reference_url":"https://github.com/advisories/GHSA-pg2v-8xwh-qhcc","reference_id":"GHSA-pg2v-8xwh-qhcc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pg2v-8xwh-qhcc"},{"reference_url":"https://github.com/advisories/GHSA-rhfg-j8jq-7v2h","reference_id":"GHSA-rhfg-j8jq-7v2h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhfg-j8jq-7v2h"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h","reference_id":"GHSA-rhfg-j8jq-7v2h","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions","reference_id":"openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35629","GHSA-rhfg-j8jq-7v2h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw16-zng9-bug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359832?format=json","vulnerability_id":"VCID-xwcc-bu96-4bhf","summary":"Duplicate Advisory: OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rqp8-q22p-5j9q This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35635","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35635"},{"reference_url":"https://github.com/advisories/GHSA-g8mc-c5f2-mqg7","reference_id":"GHSA-g8mc-c5f2-mqg7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8mc-c5f2-mqg7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q","reference_id":"GHSA-rqp8-q22p-5j9q","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["GHSA-g8mc-c5f2-mqg7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwcc-bu96-4bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76951?format=json","vulnerability_id":"VCID-xyap-5sgd-2ydq","summary":"OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32918","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32918"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32918","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32918"},{"reference_url":"https://github.com/advisories/GHSA-wcxr-59v9-rxr8","reference_id":"GHSA-wcxr-59v9-rxr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcxr-59v9-rxr8"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8","reference_id":"GHSA-wcxr-59v9-rxr8","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T14:13:12Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-session-sandbox-escape-via-session-status-tool","reference_id":"openclaw-session-sandbox-escape-via-session-status-tool","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T14:13:12Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-session-sandbox-escape-via-session-status-tool"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["CVE-2026-32918","GHSA-wcxr-59v9-rxr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyap-5sgd-2ydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360140?format=json","vulnerability_id":"VCID-xyug-3ymm-gqfq","summary":"Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-99qw-6mr3-36qr. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32920","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32920"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr","reference_id":"GHSA-99qw-6mr3-36qr","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr"},{"reference_url":"https://github.com/advisories/GHSA-j5qh-5234-4rqp","reference_id":"GHSA-j5qh-5234-4rqp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5qh-5234-4rqp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-j5qh-5234-4rqp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyug-3ymm-gqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77269?format=json","vulnerability_id":"VCID-y1tn-gnuu-dqg1","summary":"OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32980","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12879","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32980"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32980","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32980"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7e49e98f79073b11134beac27fdff547ba5a4a02","reference_id":"7e49e98f79073b11134beac27fdff547ba5a4a02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T16:02:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7e49e98f79073b11134beac27fdff547ba5a4a02"},{"reference_url":"https://github.com/advisories/GHSA-jq3f-vjww-8rq7","reference_id":"GHSA-jq3f-vjww-8rq7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jq3f-vjww-8rq7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jq3f-vjww-8rq7","reference_id":"GHSA-jq3f-vjww-8rq7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T16:02:47Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jq3f-vjww-8rq7"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-telegram-webhook-request","reference_id":"openclaw-resource-exhaustion-via-unauthenticated-telegram-webhook-request","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T16:02:47Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-telegram-webhook-request"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374836?format=json","purl":"pkg:npm/openclaw@2026.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.13"}],"aliases":["CVE-2026-32980","GHSA-jq3f-vjww-8rq7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1tn-gnuu-dqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360137?format=json","vulnerability_id":"VCID-y3jr-1k58-9ye8","summary":"Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rqpp-rjj8-7wv8. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorized scopes such as operator.admin and perform admin-only gateway operations.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22172","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22172"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8","reference_id":"GHSA-rqpp-rjj8-7wv8","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8"},{"reference_url":"https://github.com/advisories/GHSA-x49q-fhhm-r9jf","reference_id":"GHSA-x49q-fhhm-r9jf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x49q-fhhm-r9jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["GHSA-x49q-fhhm-r9jf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3jr-1k58-9ye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79784?format=json","vulnerability_id":"VCID-y3nq-a16d-ebam","summary":"OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat context into host-side ACP session initialization when ACP is enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27646","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03471","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27646"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/openclaw/openclaw/commit/61000b8e4ded919ca1a825d4700db4cb3fdc56e3","reference_id":"61000b8e4ded919ca1a825d4700db4cb3fdc56e3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:15:20Z/"}],"url":"https://github.com/openclaw/openclaw/commit/61000b8e4ded919ca1a825d4700db4cb3fdc56e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27646","reference_id":"CVE-2026-27646","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27646"},{"reference_url":"https://github.com/advisories/GHSA-9q36-67vc-rrwg","reference_id":"GHSA-9q36-67vc-rrwg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9q36-67vc-rrwg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q36-67vc-rrwg","reference_id":"GHSA-9q36-67vc-rrwg","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:15:20Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q36-67vc-rrwg"},{"reference_url":"https://vulncheck.com/advisories/openclaw-mar-sandbox-escape-via-acp-spawn-command","reference_id":"openclaw-mar-sandbox-escape-via-acp-spawn-command","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:15:20Z/"}],"url":"https://vulncheck.com/advisories/openclaw-mar-sandbox-escape-via-acp-spawn-command"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["CVE-2026-27646","GHSA-9q36-67vc-rrwg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3nq-a16d-ebam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359847?format=json","vulnerability_id":"VCID-y493-unyv-33bw","summary":"Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35634","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35634"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc","reference_id":"GHSA-6mqc-jqh6-x8fc","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc"},{"reference_url":"https://github.com/advisories/GHSA-9gvx-vj57-vqqx","reference_id":"GHSA-9gvx-vj57-vqqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gvx-vj57-vqqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373851?format=json","purl":"pkg:npm/openclaw@2026.3.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"}],"aliases":["GHSA-9gvx-vj57-vqqx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y493-unyv-33bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80991?format=json","vulnerability_id":"VCID-y5fh-j64j-8ygt","summary":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41299","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20442","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41299"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/4b9542716c26ac77652bcaa0f562043b298b409f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/4b9542716c26ac77652bcaa0f562043b298b409f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41299","reference_id":"CVE-2026-41299","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41299"},{"reference_url":"https://github.com/advisories/GHSA-6xg4-82hv-cp6f","reference_id":"GHSA-6xg4-82hv-cp6f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xg4-82hv-cp6f"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f","reference_id":"GHSA-6xg4-82hv-cp6f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:38:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard","reference_id":"openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:38:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41299","GHSA-6xg4-82hv-cp6f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5fh-j64j-8ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69848?format=json","vulnerability_id":"VCID-y5k6-v1cj-cqg6","summary":"OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until gateway or plugin restart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17871","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_id":"36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa"},{"reference_url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_id":"openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45005","GHSA-q8ff-7ffm-m3r9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5k6-v1cj-cqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80793?format=json","vulnerability_id":"VCID-y922-jg2a-6fff","summary":"OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41331","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17707","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41331"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41331","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41331"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5","reference_id":"c4fa8635d03943ffe9e294d501089521dca635c5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5"},{"reference_url":"https://github.com/advisories/GHSA-m6fx-m8hc-572m","reference_id":"GHSA-m6fx-m8hc-572m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6fx-m8hc-572m"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m","reference_id":"GHSA-m6fx-m8hc-572m","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription","reference_id":"openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41331","GHSA-m6fx-m8hc-572m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-jg2a-6fff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359915?format=json","vulnerability_id":"VCID-y927-u929-17bd","summary":"OpenClaw: Authenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel\n## Impact\n\nAuthenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel.\n\nAn authenticated wake hook or mapped wake payload could be promoted into the trusted System prompt channel instead of an untrusted event.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf56-mccx-5f3f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-jf56-mccx-5f3f"},{"reference_url":"https://github.com/advisories/GHSA-jf56-mccx-5f3f","reference_id":"GHSA-jf56-mccx-5f3f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jf56-mccx-5f3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:npm/openclaw@2026.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a727-qa7y-y3hf"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hwyc-kv1j-1yhm"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-ns2g-q3vb-akcm"},{"vulnerability":"VCID-nue7-qr3q-e3h4"},{"vulnerability":"VCID-qcd6-fjdp-hyam"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"}],"aliases":["GHSA-jf56-mccx-5f3f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y927-u929-17bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71599?format=json","vulnerability_id":"VCID-ye9d-bzdx-bbeq","summary":"OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35665","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29468","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35665"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35665","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35665"},{"reference_url":"https://github.com/advisories/GHSA-w6m8-cqvj-pg5v","reference_id":"GHSA-w6m8-cqvj-pg5v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6m8-cqvj-pg5v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v","reference_id":"GHSA-w6m8-cqvj-pg5v","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:57:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg","reference_id":"GHSA-x4vp-4235-65hg","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing","reference_id":"openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:57:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373706?format=json","purl":"pkg:npm/openclaw@2026.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1y6e-vv6s-ckgt"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5bbp-xjjz-p3gm"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-84y8-6fag-nbbm"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-muxr-kvhn-7fcb"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y8w5-82ny-y3ez"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"}],"aliases":["CVE-2026-35665","GHSA-w6m8-cqvj-pg5v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ye9d-bzdx-bbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359878?format=json","vulnerability_id":"VCID-yjb1-4y48-a7g6","summary":"OpenClaw: Windows-compatible env override keys could bypass system.run approval binding\n## Summary\n\nBefore OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time.\n\n## Impact\n\nAn approved command could run with attacker-chosen environment overrides that were not represented in the approval binding. This created an approval-integrity gap for affected host-exec flows.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d` — align approval binding with execution-time env-key normalization\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @iskindar for reporting, and thanks @wsparks-vc for coordination.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d"},{"reference_url":"https://github.com/advisories/GHSA-98ch-45wp-ch47","reference_id":"GHSA-98ch-45wp-ch47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98ch-45wp-ch47"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47","reference_id":"GHSA-98ch-45wp-ch47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["GHSA-98ch-45wp-ch47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjb1-4y48-a7g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74700?format=json","vulnerability_id":"VCID-ymb1-z8vm-vfa8","summary":"","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34508","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34508"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation-2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation-2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c","reference_id":"GHSA-5m9r-p9g7-679c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c"},{"reference_url":"https://github.com/advisories/GHSA-8288-jpqp-95fx","reference_id":"GHSA-8288-jpqp-95fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8288-jpqp-95fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374625?format=json","purl":"pkg:npm/openclaw@2026.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.12"}],"aliases":["CVE-2026-34508","GHSA-8288-jpqp-95fx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymb1-z8vm-vfa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360045?format=json","vulnerability_id":"VCID-yn9a-p67j-c7dk","summary":"Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32918","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32918"},{"reference_url":"https://github.com/advisories/GHSA-hh43-q692-2xmq","reference_id":"GHSA-hh43-q692-2xmq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh43-q692-2xmq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8","reference_id":"GHSA-wcxr-59v9-rxr8","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/965898?format=json","purl":"pkg:npm/openclaw@2026.3.11-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11-beta.1"}],"aliases":["GHSA-hh43-q692-2xmq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn9a-p67j-c7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67862?format=json","vulnerability_id":"VCID-yqjc-khg8-uyb4","summary":"OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_id":"018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6"},{"reference_url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_id":"openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44114","GHSA-hxvm-xjvf-93f3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqjc-khg8-uyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360075?format=json","vulnerability_id":"VCID-yrgt-62vk-x3bn","summary":"Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29607","reference_id":"CVE-2026-29607","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29607"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8","reference_id":"GHSA-6j27-pc5c-m8w8","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8"},{"reference_url":"https://github.com/advisories/GHSA-pfv5-rpcw-x34x","reference_id":"GHSA-pfv5-rpcw-x34x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfv5-rpcw-x34x"}],"fixed_packages":[],"aliases":["GHSA-pfv5-rpcw-x34x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrgt-62vk-x3bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77456?format=json","vulnerability_id":"VCID-yx7v-h35b-vuen","summary":"OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32036","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30965","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32036"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0","reference_id":"258d615c45527ffda37cecd08cd268f97461bde0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T14:25:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32036","reference_id":"CVE-2026-32036","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32036"},{"reference_url":"https://github.com/advisories/GHSA-mwxv-35wr-4vvj","reference_id":"GHSA-mwxv-35wr-4vvj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwxv-35wr-4vvj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj","reference_id":"GHSA-mwxv-35wr-4vvj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T14:25:52Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels","reference_id":"openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T14:25:52Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40063?format=json","purl":"pkg:npm/openclaw@2026.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-992f-749r-y7ap"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wfs1-rcb7-dqbg"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.26"}],"aliases":["CVE-2026-32036","GHSA-mwxv-35wr-4vvj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yx7v-h35b-vuen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77405?format=json","vulnerability_id":"VCID-z2b6-nmg2-1ue8","summary":"OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intended for the original destination.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32913","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32913"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/openclaw/openclaw/commit/46715371b0612a6f9114dffd1466941ac476cef5","reference_id":"46715371b0612a6f9114dffd1466941ac476cef5","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:45:01Z/"}],"url":"https://github.com/openclaw/openclaw/commit/46715371b0612a6f9114dffd1466941ac476cef5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32913","reference_id":"CVE-2026-32913","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32913"},{"reference_url":"https://github.com/advisories/GHSA-6mgf-v5j7-45cr","reference_id":"GHSA-6mgf-v5j7-45cr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mgf-v5j7-45cr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr","reference_id":"GHSA-6mgf-v5j7-45cr","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:45:01Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr"},{"reference_url":"https://vulncheck.com/advisories/openclaw-mar-custom-authorization-header-leakage-via-cross-origin-redirects","reference_id":"openclaw-mar-custom-authorization-header-leakage-via-cross-origin-redirects","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:45:01Z/"}],"url":"https://vulncheck.com/advisories/openclaw-mar-custom-authorization-header-leakage-via-cross-origin-redirects"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["CVE-2026-32913","GHSA-6mgf-v5j7-45cr"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2b6-nmg2-1ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77317?format=json","vulnerability_id":"VCID-z38e-4ju1-7ydy","summary":"OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM messages to bypass DM authorization restrictions and trigger downstream automation or tool policies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32028","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12941","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32028"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e","reference_id":"aedf62ac7e669a89c7b299201bf6537dc6b12e0e","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:16:07Z/"}],"url":"https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32028","reference_id":"CVE-2026-32028","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32028"},{"reference_url":"https://github.com/advisories/GHSA-354r-7mfh-7rh2","reference_id":"GHSA-354r-7mfh-7rh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-354r-7mfh-7rh2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2","reference_id":"GHSA-354r-7mfh-7rh2","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:16:07Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-missing-authorization-check-in-discord-dm-reaction-ingress","reference_id":"openclaw-missing-authorization-check-in-discord-dm-reaction-ingress","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:16:07Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-missing-authorization-check-in-discord-dm-reaction-ingress"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40073?format=json","purl":"pkg:npm/openclaw@2026.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"}],"aliases":["CVE-2026-32028","GHSA-354r-7mfh-7rh2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z38e-4ju1-7ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81116?format=json","vulnerability_id":"VCID-z438-846q-27f3","summary":"OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive downloads, enabling remote attackers to redirect requests to arbitrary internal or external servers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41297","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41297"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41297","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41297"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52","reference_id":"2ce44ca6a1302b166a128abbd78f72114f2f4f52","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52"},{"reference_url":"https://github.com/advisories/GHSA-vjx8-8p7h-82gr","reference_id":"GHSA-vjx8-8p7h-82gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjx8-8p7h-82gr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr","reference_id":"GHSA-vjx8-8p7h-82gr","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect","reference_id":"openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41297","GHSA-vjx8-8p7h-82gr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z438-846q-27f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71777?format=json","vulnerability_id":"VCID-z4z4-3e3q-zbfy","summary":"OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypass DM pairing and modify session state.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35661","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17522","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35661"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35661","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35661"},{"reference_url":"https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065","reference_id":"269282ac69ab6030d5f30d04822668f607f13065","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"}],"url":"https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065"},{"reference_url":"https://github.com/advisories/GHSA-j4c9-w69r-cw33","reference_id":"GHSA-j4c9-w69r-cw33","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4c9-w69r-cw33"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33","reference_id":"GHSA-j4c9-w69r-cw33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass","reference_id":"openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35661","GHSA-j4c9-w69r-cw33"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4z4-3e3q-zbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71630?format=json","vulnerability_id":"VCID-z5ke-btzd-b7cx","summary":"OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35664","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26995","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35664"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354","reference_id":"81c45976db532324b5a0918a70decc19520dc354","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35664","reference_id":"CVE-2026-35664","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35664"},{"reference_url":"https://github.com/advisories/GHSA-77w2-crqv-cmv3","reference_id":"GHSA-77w2-crqv-cmv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77w2-crqv-cmv3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3","reference_id":"GHSA-77w2-crqv-cmv3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks","reference_id":"openclaw-dm-pairing-bypass-via-legacy-card-callbacks","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35664","GHSA-77w2-crqv-cmv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5ke-btzd-b7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71934?format=json","vulnerability_id":"VCID-z9dc-47q8-7kc8","summary":"OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35645","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35645"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35645","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35645"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7","reference_id":"b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7"},{"reference_url":"https://github.com/advisories/GHSA-h4jx-hjr3-fhgc","reference_id":"GHSA-h4jx-hjr3-fhgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4jx-hjr3-fhgc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc","reference_id":"GHSA-h4jx-hjr3-fhgc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession","reference_id":"openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-35645","GHSA-h4jx-hjr3-fhgc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z9dc-47q8-7kc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360166?format=json","vulnerability_id":"VCID-zhf4-arnt-uqfx","summary":"Duplicate Advisory: allowlist exec-guard bypass via env -S\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-48wf-g7cp-gr3m. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31992","reference_id":"CVE-2026-31992","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31992"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-48wf-g7cp-gr3m","reference_id":"GHSA-48wf-g7cp-gr3m","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-48wf-g7cp-gr3m"},{"reference_url":"https://github.com/advisories/GHSA-x742-88jj-7hv9","reference_id":"GHSA-x742-88jj-7hv9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x742-88jj-7hv9"}],"fixed_packages":[],"aliases":["GHSA-x742-88jj-7hv9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhf4-arnt-uqfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212777?format=json","vulnerability_id":"VCID-zk8m-c8de-rqbn","summary":"OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1d1757b16f48f1a93cd16ab0ad7e2c3c63ce727d","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/1d1757b16f48f1a93cd16ab0ad7e2c3c63ce727d"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"reference_url":"https://github.com/advisories/GHSA-3h2q-j2v4-6w5r","reference_id":"GHSA-3h2q-j2v4-6w5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3h2q-j2v4-6w5r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h2q-j2v4-6w5r","reference_id":"GHSA-3h2q-j2v4-6w5r","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3h2q-j2v4-6w5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40410?format=json","purl":"pkg:npm/openclaw@2026.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jx33-tn39-ekhx"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w5te-gjg2-cycb"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.7"}],"aliases":["GHSA-3h2q-j2v4-6w5r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zk8m-c8de-rqbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80654?format=json","vulnerability_id":"VCID-zmfp-x82c-3kcd","summary":"OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41352","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67924","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41352"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41352","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41352"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32","reference_id":"3886b65ef21d02808c1a106fa1f9f69e22f71c32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32"},{"reference_url":"https://github.com/advisories/GHSA-xj9w-5r6q-x6v4","reference_id":"GHSA-xj9w-5r6q-x6v4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj9w-5r6q-x6v4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4","reference_id":"GHSA-xj9w-5r6q-x6v4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass","reference_id":"openclaw-remote-code-execution-via-node-scope-gate-bypass","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41352","GHSA-xj9w-5r6q-x6v4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmfp-x82c-3kcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360019?format=json","vulnerability_id":"VCID-zpr8-r9ee-xbev","summary":"Duplicate Advisory: OpenClaw: Sandbox `writeFile` commit could race outside the validated path\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xvx8-77m6-gwg6. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32977","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32977"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6","reference_id":"GHSA-xvx8-77m6-gwg6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6"},{"reference_url":"https://github.com/advisories/GHSA-xxj4-96ph-g6j6","reference_id":"GHSA-xxj4-96ph-g6j6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxj4-96ph-g6j6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374507?format=json","purl":"pkg:npm/openclaw@2026.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.11"}],"aliases":["GHSA-xxj4-96ph-g6j6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpr8-r9ee-xbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359864?format=json","vulnerability_id":"VCID-zqds-fryf-tbgv","summary":"OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read\n## Summary\nPath traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read\n\n## Current Maintainer Triage\n- Normalized severity: medium\n- Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the root-enforcement fix is not yet shipped.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `566fb73d9da2d73c0be0d9b8e5b762e4dcd8e81d` — 2026-03-30T14:04:02+01:00\n\nOpenClaw thanks @north-echo for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://github.com/advisories/GHSA-58q2-7r52-jq62","reference_id":"GHSA-58q2-7r52-jq62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58q2-7r52-jq62"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-58q2-7r52-jq62","reference_id":"GHSA-58q2-7r52-jq62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-58q2-7r52-jq62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["GHSA-58q2-7r52-jq62"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqds-fryf-tbgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80958?format=json","vulnerability_id":"VCID-zw9g-abft-skg9","summary":"OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade service availability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41343","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35317","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41343"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41343","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41343"},{"reference_url":"https://github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad","reference_id":"57c47d8c7fbf5a2e70cc4dec2380977968903cad","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"}],"url":"https://github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad"},{"reference_url":"https://github.com/advisories/GHSA-qcc3-jqwp-5vh2","reference_id":"GHSA-qcc3-jqwp-5vh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcc3-jqwp-5vh2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2","reference_id":"GHSA-qcc3-jqwp-5vh2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency","reference_id":"openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373298?format=json","purl":"pkg:npm/openclaw@2026.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"}],"aliases":["CVE-2026-41343","GHSA-qcc3-jqwp-5vh2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw9g-abft-skg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71810?format=json","vulnerability_id":"VCID-zwqw-xjzm-mbep","summary":"OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35643","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14482","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35643"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35643","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35643"},{"reference_url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87","reference_id":"630f1479c44f78484dfa21bb407cbe6f171dac87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8b02ef133275be96d8aac2283100016c8a7f32e5","reference_id":"8b02ef133275be96d8aac2283100016c8a7f32e5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/8b02ef133275be96d8aac2283100016c8a7f32e5"},{"reference_url":"https://github.com/advisories/GHSA-cxmw-p77q-wchg","reference_id":"GHSA-cxmw-p77q-wchg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxmw-p77q-wchg"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg","reference_id":"GHSA-cxmw-p77q-wchg","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface","reference_id":"openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373351?format=json","purl":"pkg:npm/openclaw@2026.3.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"}],"aliases":["CVE-2026-35643","GHSA-cxmw-p77q-wchg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwqw-xjzm-mbep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80915?format=json","vulnerability_id":"VCID-zxc5-3vhg-b3hw","summary":"OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41339","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11329","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41339"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41339","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41339"},{"reference_url":"https://github.com/openclaw/openclaw/commit/676b748056b5efca6f1255708e9dd9469edf5e2e","reference_id":"676b748056b5efca6f1255708e9dd9469edf5e2e","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"}],"url":"https://github.com/openclaw/openclaw/commit/676b748056b5efca6f1255708e9dd9469edf5e2e"},{"reference_url":"https://github.com/advisories/GHSA-2f7j-rp58-mr42","reference_id":"GHSA-2f7j-rp58-mr42","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2f7j-rp58-mr42"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2f7j-rp58-mr42","reference_id":"GHSA-2f7j-rp58-mr42","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2f7j-rp58-mr42"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-gateway-connect-snapshot","reference_id":"openclaw-information-disclosure-via-gateway-connect-snapshot","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-gateway-connect-snapshot"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373318?format=json","purl":"pkg:npm/openclaw@2026.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7z3d-j9p7-kqed"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"}],"aliases":["CVE-2026-41339","GHSA-2f7j-rp58-mr42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxc5-3vhg-b3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360091?format=json","vulnerability_id":"VCID-zyta-2q43-5bae","summary":"OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval\n### Summary\n`openclaw` versions `<= 2026.3.12` allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request.\n\n### Affected Packages / Versions\n- Package: `openclaw` (`npm`)\n- Affected versions: `<= 2026.3.12`\n- Fixed version: `2026.3.13`\n\n### Details\nThe vulnerable path was bootstrap token verification in `src/infra/device-bootstrap.ts`. In affected releases, a valid bootstrap setup code could be verified more than once before the pairing request was approved. That allowed a second verification attempt to mutate a pending device pairing and request broader scopes, including escalation from a lower operator scope to `operator.admin`, before an approver finalized the pairing.\n\nThis issue is in scope under OpenClaw's trust model because bootstrap setup codes are an authentication primitive for device pairing and the replay changed the privileges granted to the pending device.\n\n### Fix\n`openclaw@2026.3.13` makes bootstrap setup codes single-use. Current code consumes the bootstrap token record on the first successful verification, so replay attempts fail before pending scopes can be widened.\n\nRegression coverage exists in `src/infra/device-pairing.test.ts` (`rejects bootstrap token replay before pending scope escalation can be approved`).\n\n### Fix Commit(s)\n- `1803d16d5cec970c54b0e1ac46b31b1cbade335c`\n\nThanks @tdjackey for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-63f5-hhc7-cx6p","reference_id":"GHSA-63f5-hhc7-cx6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63f5-hhc7-cx6p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-63f5-hhc7-cx6p","reference_id":"GHSA-63f5-hhc7-cx6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-63f5-hhc7-cx6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374836?format=json","purl":"pkg:npm/openclaw@2026.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-ee6x-1rue-gbc9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-ytvf-tpaj-zyet"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.13"}],"aliases":["GHSA-63f5-hhc7-cx6p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyta-2q43-5bae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80790?format=json","vulnerability_id":"VCID-zzub-kp8h-2kar","summary":"OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41395","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05146","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41395"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/85777e726cb02c01a911b3ff832ddf4d664d5c94","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/85777e726cb02c01a911b3ff832ddf4d664d5c94"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41395","reference_id":"CVE-2026-41395","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41395"},{"reference_url":"https://github.com/advisories/GHSA-8689-gm9g-jgr6","reference_id":"GHSA-8689-gm9g-jgr6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8689-gm9g-jgr6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8689-gm9g-jgr6","reference_id":"GHSA-8689-gm9g-jgr6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:49Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8689-gm9g-jgr6"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3","reference_id":"openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:49Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373265?format=json","purl":"pkg:npm/openclaw@2026.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x39-gcpu-yqd9"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c7gn-3t5r-j7bu"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mzpq-bw9z-w7dm"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"}],"aliases":["CVE-2026-41395","GHSA-8689-gm9g-jgr6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzub-kp8h-2kar"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79813?format=json","vulnerability_id":"VCID-4rku-5hg1-kucn","summary":"OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve outside sandbox boundaries once missing leaf components are created, weakening bind-source isolation enforcement.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27523","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25681","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27523"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b5787e4abba0dcc6baf09051099f6773c1679ec1","reference_id":"b5787e4abba0dcc6baf09051099f6773c1679ec1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T15:38:58Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b5787e4abba0dcc6baf09051099f6773c1679ec1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27523","reference_id":"CVE-2026-27523","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27523"},{"reference_url":"https://github.com/advisories/GHSA-m8v2-6wwh-r4gc","reference_id":"GHSA-m8v2-6wwh-r4gc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8v2-6wwh-r4gc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m8v2-6wwh-r4gc","reference_id":"GHSA-m8v2-6wwh-r4gc","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T15:38:58Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m8v2-6wwh-r4gc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bind-validation-bypass-via-symlink-parent-missing-leaf-paths","reference_id":"openclaw-sandbox-bind-validation-bypass-via-symlink-parent-missing-leaf-paths","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T15:38:58Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bind-validation-bypass-via-symlink-parent-missing-leaf-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-27523","GHSA-m8v2-6wwh-r4gc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rku-5hg1-kucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77322?format=json","vulnerability_id":"VCID-6mys-s3w1-cuc5","summary":"OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32026","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23928","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32026"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351","reference_id":"79a7b3d22ef92e36a4031093d80a0acb0d82f351","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T20:10:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32026","reference_id":"CVE-2026-32026","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32026"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5","reference_id":"d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T20:10:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5"},{"reference_url":"https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e","reference_id":"def993dbd843ff28f2b3bad5cc24603874ba9f1e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T20:10:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e"},{"reference_url":"https://github.com/advisories/GHSA-33hm-cq8r-wc49","reference_id":"GHSA-33hm-cq8r-wc49","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33hm-cq8r-wc49"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49","reference_id":"GHSA-33hm-cq8r-wc49","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T20:10:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox","reference_id":"openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T20:10:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-improper-temporary-path-validation-in-sandbox"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32026","GHSA-33hm-cq8r-wc49"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mys-s3w1-cuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77079?format=json","vulnerability_id":"VCID-76ju-xywr-7kfp","summary":"OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32052","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27086","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32052"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0f0a680d3df81739ea5088a2f88e65f938b7936b","reference_id":"0f0a680d3df81739ea5088a2f88e65f938b7936b","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:44:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0f0a680d3df81739ea5088a2f88e65f938b7936b"},{"reference_url":"https://github.com/openclaw/openclaw/commit/55cf92578d266987e390c4bf688196af98eac748","reference_id":"55cf92578d266987e390c4bf688196af98eac748","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:44:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/55cf92578d266987e390c4bf688196af98eac748"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32052","reference_id":"CVE-2026-32052","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32052"},{"reference_url":"https://github.com/advisories/GHSA-6rcp-vxwf-3mfp","reference_id":"GHSA-6rcp-vxwf-3mfp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rcp-vxwf-3mfp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rcp-vxwf-3mfp","reference_id":"GHSA-6rcp-vxwf-3mfp","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:44:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rcp-vxwf-3mfp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers","reference_id":"openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:44:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32052","GHSA-6rcp-vxwf-3mfp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76ju-xywr-7kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79972?format=json","vulnerability_id":"VCID-7hs9-xdrx-gqbh","summary":"OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27522","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05363","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27522"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51","reference_id":"270ab03e379f9653e15f7033c9830399b66b7e51","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:00:10Z/"}],"url":"https://github.com/openclaw/openclaw/commit/270ab03e379f9653e15f7033c9830399b66b7e51"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27522","reference_id":"CVE-2026-27522","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27522"},{"reference_url":"https://github.com/advisories/GHSA-fqcm-97m6-w7rm","reference_id":"GHSA-fqcm-97m6-w7rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqcm-97m6-w7rm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm","reference_id":"GHSA-fqcm-97m6-w7rm","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:00:10Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fqcm-97m6-w7rm"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions","reference_id":"openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T16:00:10Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-sendattachment-and-setgroupicon-message-actions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-27522","GHSA-fqcm-97m6-w7rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hs9-xdrx-gqbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360009?format=json","vulnerability_id":"VCID-8686-vd8b-8ug5","summary":"Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-gw85-xp4q-5gp9. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31998","reference_id":"CVE-2026-31998","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31998"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9","reference_id":"GHSA-gw85-xp4q-5gp9","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9"},{"reference_url":"https://github.com/advisories/GHSA-jqpf-vj28-9v7r","reference_id":"GHSA-jqpf-vj28-9v7r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jqpf-vj28-9v7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["GHSA-jqpf-vj28-9v7r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8686-vd8b-8ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71470?format=json","vulnerability_id":"VCID-8qrs-n9dm-qfeu","summary":"OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31998","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31998"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5","reference_id":"0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb","reference_id":"7655c0cb3a47d0647cbbf5284e177f90b4b82ddb","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31998","reference_id":"CVE-2026-31998","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31998"},{"reference_url":"https://github.com/advisories/GHSA-gw85-xp4q-5gp9","reference_id":"GHSA-gw85-xp4q-5gp9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gw85-xp4q-5gp9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9","reference_id":"GHSA-gw85-xp4q-5gp9","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids","reference_id":"openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-31998","GHSA-gw85-xp4q-5gp9"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qrs-n9dm-qfeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77050?format=json","vulnerability_id":"VCID-fwng-2afx-27bp","summary":"OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container:<id> values to reach services in target container namespaces and bypass network hardening controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32038","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20506","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32038"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/14b6eea6e","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/14b6eea6e"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5552f9073","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/5552f9073"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32038","reference_id":"CVE-2026-32038","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32038"},{"reference_url":"https://github.com/advisories/GHSA-ww6v-v748-x7g9","reference_id":"GHSA-ww6v-v748-x7g9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ww6v-v748-x7g9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9","reference_id":"GHSA-ww6v-v748-x7g9","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-20T20:09:00Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sandbox-network-isolation-bypass-via-docker-network-container-parameter","reference_id":"openclaw-sandbox-network-isolation-bypass-via-docker-network-container-parameter","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-20T20:09:00Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-network-isolation-bypass-via-docker-network-container-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32038","GHSA-ww6v-v748-x7g9"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwng-2afx-27bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77172?format=json","vulnerability_id":"VCID-gnq2-tc6q-h7hv","summary":"OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32009","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03923","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32009"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a","reference_id":"b67e600bff696ff2ed9b470826590c0ce6b3bb0a","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:21:25Z/"}],"url":"https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32009","reference_id":"CVE-2026-32009","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32009"},{"reference_url":"https://github.com/advisories/GHSA-5gj7-jf77-q2q2","reference_id":"GHSA-5gj7-jf77-q2q2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gj7-jf77-q2q2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2","reference_id":"GHSA-5gj7-jf77-q2q2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:21:25Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins","reference_id":"openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:21:25Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32009","GHSA-5gj7-jf77-q2q2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnq2-tc6q-h7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360039?format=json","vulnerability_id":"VCID-j915-992q-8fba","summary":"Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32052","reference_id":"CVE-2026-32052","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32052"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rcp-vxwf-3mfp","reference_id":"GHSA-6rcp-vxwf-3mfp","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H"},{"value":"5.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6rcp-vxwf-3mfp"},{"reference_url":"https://github.com/advisories/GHSA-w6f4-3v35-qjhj","reference_id":"GHSA-w6f4-3v35-qjhj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6f4-3v35-qjhj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["GHSA-w6f4-3v35-qjhj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j915-992q-8fba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212742?format=json","vulnerability_id":"VCID-jfuc-1dfh-vyh6","summary":"OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/b4010a0b627025c809c0e5dbdbd4770f3bc59ef8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/b4010a0b627025c809c0e5dbdbd4770f3bc59ef8"},{"reference_url":"https://github.com/advisories/GHSA-534w-2vm4-89xr","reference_id":"GHSA-534w-2vm4-89xr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-534w-2vm4-89xr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-534w-2vm4-89xr","reference_id":"GHSA-534w-2vm4-89xr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-534w-2vm4-89xr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["GHSA-534w-2vm4-89xr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfuc-1dfh-vyh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77481?format=json","vulnerability_id":"VCID-r9kn-e4wh-syh3","summary":"OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolute paths bypass workspace-only file-system boundary validation due to canonicalization mismatch. Attackers can exploit this by crafting @-prefixed paths like @/etc/passwd to read files outside the intended workspace boundary when tools.fs.workspaceOnly is enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32033","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21747","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32033"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9ef0fc2ff8fa7b145d1e746d6eb030b1bf692260","reference_id":"9ef0fc2ff8fa7b145d1e746d6eb030b1bf692260","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:00:43Z/"}],"url":"https://github.com/openclaw/openclaw/commit/9ef0fc2ff8fa7b145d1e746d6eb030b1bf692260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32033","reference_id":"CVE-2026-32033","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32033"},{"reference_url":"https://github.com/advisories/GHSA-27cr-4p5m-74rj","reference_id":"GHSA-27cr-4p5m-74rj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27cr-4p5m-74rj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-27cr-4p5m-74rj","reference_id":"GHSA-27cr-4p5m-74rj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:00:43Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-27cr-4p5m-74rj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-via-prefixed-absolute-paths-in-workspace-boundary-validation","reference_id":"openclaw-path-traversal-via-prefixed-absolute-paths-in-workspace-boundary-validation","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:00:43Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-via-prefixed-absolute-paths-in-workspace-boundary-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32033","GHSA-27cr-4p5m-74rj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9kn-e4wh-syh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212704?format=json","vulnerability_id":"VCID-t2hz-4acu-9bcy","summary":"OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/9514201fb9b51de5d0b23151110d0ff5d9c8bd67","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/9514201fb9b51de5d0b23151110d0ff5d9c8bd67"},{"reference_url":"https://github.com/advisories/GHSA-h656-5vcf-cm23","reference_id":"GHSA-h656-5vcf-cm23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h656-5vcf-cm23"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h656-5vcf-cm23","reference_id":"GHSA-h656-5vcf-cm23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h656-5vcf-cm23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["GHSA-h656-5vcf-cm23"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2hz-4acu-9bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77230?format=json","vulnerability_id":"VCID-u9gs-nc3d-bubh","summary":"OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh -c commands without triggering the expected approval prompt in allowlist plus ask=on-miss configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32023","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1853","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32023"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b","reference_id":"57c9a18180c8b14885bbd95474cbb17ff2d03f0b","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32023","reference_id":"CVE-2026-32023","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32023"},{"reference_url":"https://github.com/advisories/GHSA-ccg8-46r6-9qgj","reference_id":"GHSA-ccg8-46r6-9qgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ccg8-46r6-9qgj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj","reference_id":"GHSA-ccg8-46r6-9qgj","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run","reference_id":"openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:25:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["CVE-2026-32023","GHSA-ccg8-46r6-9qgj"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gs-nc3d-bubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212703?format=json","vulnerability_id":"VCID-ywq5-39mf-cfcc","summary":"OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/370d115549c0dadace0902775eea0d5094aedfdc","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/commit/370d115549c0dadace0902775eea0d5094aedfdc"},{"reference_url":"https://github.com/advisories/GHSA-9f72-qcpw-2hxc","reference_id":"GHSA-9f72-qcpw-2hxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f72-qcpw-2hxc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f72-qcpw-2hxc","reference_id":"GHSA-9f72-qcpw-2hxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f72-qcpw-2hxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40077?format=json","purl":"pkg:npm/openclaw@2026.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12a9-am5h-9fch"},{"vulnerability":"VCID-13uy-bfur-93c9"},{"vulnerability":"VCID-1cbb-8u8n-dqa8"},{"vulnerability":"VCID-1f2r-y41u-y7b4"},{"vulnerability":"VCID-1gsf-j6g3-4fd7"},{"vulnerability":"VCID-1ht7-4wun-gba4"},{"vulnerability":"VCID-1j9j-8qcc-tyhy"},{"vulnerability":"VCID-1kns-bfm7-wqa7"},{"vulnerability":"VCID-1qwb-a969-kye3"},{"vulnerability":"VCID-1sxg-r1bm-mygk"},{"vulnerability":"VCID-1wqp-rrgy-4ffe"},{"vulnerability":"VCID-1xsa-kxhe-6ugq"},{"vulnerability":"VCID-213t-kf4c-qfct"},{"vulnerability":"VCID-24x5-nkt2-wbg7"},{"vulnerability":"VCID-27ud-w29j-cbeq"},{"vulnerability":"VCID-29xp-41b2-cycb"},{"vulnerability":"VCID-2amg-4khy-1ufr"},{"vulnerability":"VCID-2c8q-g4uw-mufb"},{"vulnerability":"VCID-2d5p-gd51-3bfc"},{"vulnerability":"VCID-2d6p-8jxd-1yc4"},{"vulnerability":"VCID-2h93-dwfp-4yfe"},{"vulnerability":"VCID-2keu-vgjt-t7ba"},{"vulnerability":"VCID-2mq8-xddp-y7ef"},{"vulnerability":"VCID-2p3a-gmxy-37gx"},{"vulnerability":"VCID-2t7c-q448-a7bp"},{"vulnerability":"VCID-2tsv-9m6k-1qdn"},{"vulnerability":"VCID-2vz1-7wq1-qbbk"},{"vulnerability":"VCID-3c7e-6d4p-cqdt"},{"vulnerability":"VCID-3f2g-c9me-nbdm"},{"vulnerability":"VCID-3f8g-rfq5-fbeb"},{"vulnerability":"VCID-3fg7-n18p-cqek"},{"vulnerability":"VCID-3qf3-mq53-fbgp"},{"vulnerability":"VCID-3swm-pxgf-sqbx"},{"vulnerability":"VCID-3z4d-sm3h-2bg4"},{"vulnerability":"VCID-3zp7-juc8-cbf4"},{"vulnerability":"VCID-416m-tsuc-b3fg"},{"vulnerability":"VCID-45as-yk5j-dug2"},{"vulnerability":"VCID-47ty-n3m4-nbbe"},{"vulnerability":"VCID-4ef4-xvcn-nbbq"},{"vulnerability":"VCID-4fv2-atra-6ue3"},{"vulnerability":"VCID-4kcu-akxv-hker"},{"vulnerability":"VCID-4n9g-ymdq-6fhd"},{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-4srt-x1xb-xqa8"},{"vulnerability":"VCID-4umw-rnj5-efad"},{"vulnerability":"VCID-4x1j-ccq5-d7cu"},{"vulnerability":"VCID-4yrw-qqvt-jkhn"},{"vulnerability":"VCID-54js-czwp-jkce"},{"vulnerability":"VCID-55vp-7m3m-pfem"},{"vulnerability":"VCID-563k-49s5-5fbp"},{"vulnerability":"VCID-59a9-8rag-mfg5"},{"vulnerability":"VCID-59an-tnp2-qfgg"},{"vulnerability":"VCID-5c35-mfrw-r3fg"},{"vulnerability":"VCID-5czq-jh7n-a3d8"},{"vulnerability":"VCID-5eqd-gfxe-t7g7"},{"vulnerability":"VCID-5hvu-e2e8-y7h6"},{"vulnerability":"VCID-5j3s-mfzd-2uex"},{"vulnerability":"VCID-5jgs-gk2n-8fdk"},{"vulnerability":"VCID-5k9d-n6kg-g3bn"},{"vulnerability":"VCID-5msy-va7d-jkhz"},{"vulnerability":"VCID-5qma-pezj-mucc"},{"vulnerability":"VCID-5r19-s5sm-x7bj"},{"vulnerability":"VCID-5szz-xqng-fffv"},{"vulnerability":"VCID-5uvn-998w-hfds"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-64pj-77vs-8kbf"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-6atn-d2zy-1qcm"},{"vulnerability":"VCID-6bzc-dk3a-c7gk"},{"vulnerability":"VCID-6ccy-jc9d-6qcm"},{"vulnerability":"VCID-6ce4-zpfh-pybu"},{"vulnerability":"VCID-6ctp-85cy-k3dz"},{"vulnerability":"VCID-6cym-v42t-quh6"},{"vulnerability":"VCID-6fjf-yjn7-qkbh"},{"vulnerability":"VCID-6g13-hcrk-xucm"},{"vulnerability":"VCID-6hav-n44a-dkeu"},{"vulnerability":"VCID-6hhg-fpqw-kye9"},{"vulnerability":"VCID-6vqt-8y4n-63h8"},{"vulnerability":"VCID-6w88-6bts-sudv"},{"vulnerability":"VCID-71uy-yz3c-n3et"},{"vulnerability":"VCID-722e-beau-8kdc"},{"vulnerability":"VCID-7a1r-hefj-pfg4"},{"vulnerability":"VCID-7bpx-6g2s-8kfd"},{"vulnerability":"VCID-7dbw-4jba-83a4"},{"vulnerability":"VCID-7gjj-xzp6-mqcx"},{"vulnerability":"VCID-7j27-ndq2-mfht"},{"vulnerability":"VCID-7kyj-gddz-gkfb"},{"vulnerability":"VCID-7r7v-pvsj-uyaw"},{"vulnerability":"VCID-7rcc-8g5p-3ydv"},{"vulnerability":"VCID-7v88-gh66-ybgd"},{"vulnerability":"VCID-812y-rb9q-m7eu"},{"vulnerability":"VCID-82aq-wxf5-aka8"},{"vulnerability":"VCID-84ms-aakm-x3dc"},{"vulnerability":"VCID-86wa-z59e-xqgu"},{"vulnerability":"VCID-8d4y-8k53-tqe8"},{"vulnerability":"VCID-8ezv-nxwq-q3b1"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-8h7u-pr1w-z7df"},{"vulnerability":"VCID-8k93-nveu-fbem"},{"vulnerability":"VCID-8n16-rgcn-2bey"},{"vulnerability":"VCID-8sps-h6k2-43c9"},{"vulnerability":"VCID-8x1d-qnqk-7qcz"},{"vulnerability":"VCID-925q-556p-q3f6"},{"vulnerability":"VCID-95y2-eute-yyfm"},{"vulnerability":"VCID-9csu-c6t3-3kak"},{"vulnerability":"VCID-9jhp-q7y2-8qdu"},{"vulnerability":"VCID-9pv2-ufhu-w7g1"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-9vbr-88pv-hudj"},{"vulnerability":"VCID-9wbp-zj23-fyg4"},{"vulnerability":"VCID-9xv8-jtc8-ekcr"},{"vulnerability":"VCID-9zkk-mp8b-kbbg"},{"vulnerability":"VCID-a4pw-9uzw-47ge"},{"vulnerability":"VCID-a7hc-rue8-13eb"},{"vulnerability":"VCID-a9q6-xpjm-6yfd"},{"vulnerability":"VCID-adnz-kugc-63e6"},{"vulnerability":"VCID-ae96-b8bt-43bv"},{"vulnerability":"VCID-aegc-6ab1-k7hk"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-agtk-z6cf-1bh7"},{"vulnerability":"VCID-atc5-y6k6-zbg6"},{"vulnerability":"VCID-b194-drmd-hkbp"},{"vulnerability":"VCID-b3av-6zna-sugm"},{"vulnerability":"VCID-b3nv-4pe7-fyhj"},{"vulnerability":"VCID-bbsf-dk9q-nqh3"},{"vulnerability":"VCID-bddn-w4cm-9udq"},{"vulnerability":"VCID-bdx2-c7m3-xbfv"},{"vulnerability":"VCID-bfj1-xxkp-aubu"},{"vulnerability":"VCID-bj4f-1qy4-33g7"},{"vulnerability":"VCID-bn3j-q22a-aybg"},{"vulnerability":"VCID-bnzw-duu7-7fgu"},{"vulnerability":"VCID-bqwy-vw6g-uudj"},{"vulnerability":"VCID-brzy-7832-5bhh"},{"vulnerability":"VCID-bt5u-3vwp-rqcw"},{"vulnerability":"VCID-bvyn-2c5r-4bce"},{"vulnerability":"VCID-c198-v1zn-pbck"},{"vulnerability":"VCID-c3fa-2u7p-pkgn"},{"vulnerability":"VCID-c3hg-hct8-eqbv"},{"vulnerability":"VCID-c723-znew-ebhm"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-c8mh-j256-j3aa"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-cfj6-nuq4-wudw"},{"vulnerability":"VCID-cj2h-dvh1-1bhx"},{"vulnerability":"VCID-ckjx-441a-zqfx"},{"vulnerability":"VCID-cqm7-wncz-z3ed"},{"vulnerability":"VCID-cqrj-mmkg-fkb1"},{"vulnerability":"VCID-crh9-tw4p-2bgr"},{"vulnerability":"VCID-cu3u-xqct-vqg6"},{"vulnerability":"VCID-d34s-z46v-gygk"},{"vulnerability":"VCID-d5d6-s6qw-1bbf"},{"vulnerability":"VCID-d8dy-y1mu-bqgc"},{"vulnerability":"VCID-deuq-mfzr-d7c2"},{"vulnerability":"VCID-djr4-azeh-mfap"},{"vulnerability":"VCID-dnts-s9yw-5ydv"},{"vulnerability":"VCID-dnym-w1cd-9fdj"},{"vulnerability":"VCID-dtrh-kmkq-r7hd"},{"vulnerability":"VCID-dtva-truu-4qac"},{"vulnerability":"VCID-duqg-y513-2bd2"},{"vulnerability":"VCID-dvr7-ug54-1fcj"},{"vulnerability":"VCID-dxpt-cg6z-17am"},{"vulnerability":"VCID-e1s7-q6qr-4fbc"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e351-abpr-7fhx"},{"vulnerability":"VCID-e6cf-mh6h-pqgn"},{"vulnerability":"VCID-e6q6-e2my-gfce"},{"vulnerability":"VCID-e84v-kdtb-5ycs"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eaeg-e381-nyh5"},{"vulnerability":"VCID-ed19-ejju-v3c7"},{"vulnerability":"VCID-ed61-sus3-3yh9"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-eju9-rz5x-1bbk"},{"vulnerability":"VCID-emy9-ceb6-vfba"},{"vulnerability":"VCID-epaf-29e7-kue8"},{"vulnerability":"VCID-es6n-25j9-jqfe"},{"vulnerability":"VCID-esfn-atcn-aygd"},{"vulnerability":"VCID-esfq-5qft-rqf2"},{"vulnerability":"VCID-esve-n4ww-rudc"},{"vulnerability":"VCID-eu95-x34h-5bhb"},{"vulnerability":"VCID-f19h-hsfh-n3a7"},{"vulnerability":"VCID-f22e-sy58-g7fb"},{"vulnerability":"VCID-f273-e6zd-cqbx"},{"vulnerability":"VCID-f456-fjce-9bcz"},{"vulnerability":"VCID-f5q3-7bm2-1kgw"},{"vulnerability":"VCID-f925-x5qa-buav"},{"vulnerability":"VCID-f95y-gnx3-wydp"},{"vulnerability":"VCID-f97e-xtcp-eqfe"},{"vulnerability":"VCID-fcfw-yctj-v3cy"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-fgvc-92pj-h3c1"},{"vulnerability":"VCID-fvrb-5u2m-13eg"},{"vulnerability":"VCID-fzag-upa9-n7cr"},{"vulnerability":"VCID-g2hf-mzjs-2fbn"},{"vulnerability":"VCID-g7fp-6gzk-83gk"},{"vulnerability":"VCID-g8k6-3qev-v7ga"},{"vulnerability":"VCID-gd62-paxx-abgy"},{"vulnerability":"VCID-ggpx-kfke-xfhr"},{"vulnerability":"VCID-gh64-hwfz-p3ep"},{"vulnerability":"VCID-gtx5-qd3p-cyd2"},{"vulnerability":"VCID-gyeu-sff6-vfgb"},{"vulnerability":"VCID-h35e-at78-gban"},{"vulnerability":"VCID-h5h5-c9az-4be3"},{"vulnerability":"VCID-h6wv-azua-wkgw"},{"vulnerability":"VCID-h77b-c2kq-8kej"},{"vulnerability":"VCID-h78a-py8h-ekgj"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-hh2g-pzbh-13ax"},{"vulnerability":"VCID-hpwn-wgb8-xbh4"},{"vulnerability":"VCID-hrnb-5t6m-jkaq"},{"vulnerability":"VCID-hvg4-uvx3-mbg2"},{"vulnerability":"VCID-hvv4-s4g7-vfea"},{"vulnerability":"VCID-hy1q-5cfa-q7es"},{"vulnerability":"VCID-j13w-x4ky-8yhd"},{"vulnerability":"VCID-j7bv-npgz-n7e7"},{"vulnerability":"VCID-j7uv-qgjz-ubdq"},{"vulnerability":"VCID-j9kk-jqgm-kqbk"},{"vulnerability":"VCID-jarm-du2f-1uef"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-jj5g-2uaq-tua3"},{"vulnerability":"VCID-jnbs-cnfs-nkb5"},{"vulnerability":"VCID-juz5-e48p-hufx"},{"vulnerability":"VCID-jwnv-j7hq-sbh9"},{"vulnerability":"VCID-jzrz-3e6m-c7ez"},{"vulnerability":"VCID-jzvr-jz7v-q3h1"},{"vulnerability":"VCID-k19r-em9r-bybp"},{"vulnerability":"VCID-k1fs-5s5j-xyh6"},{"vulnerability":"VCID-k64p-h928-dfcs"},{"vulnerability":"VCID-kact-h3hk-d7eg"},{"vulnerability":"VCID-kdn3-sa62-4bef"},{"vulnerability":"VCID-kfmd-usy4-afbu"},{"vulnerability":"VCID-kkqe-kjun-mufe"},{"vulnerability":"VCID-kkw6-d2rs-9uh3"},{"vulnerability":"VCID-kmue-xe85-hbgr"},{"vulnerability":"VCID-kpbm-y7e6-t3gg"},{"vulnerability":"VCID-kprt-1prq-n7bt"},{"vulnerability":"VCID-kr71-ur8n-vqe1"},{"vulnerability":"VCID-kt4v-cekr-fka8"},{"vulnerability":"VCID-kxyq-t74z-p3gf"},{"vulnerability":"VCID-kzju-dt4v-syff"},{"vulnerability":"VCID-m3h2-6en6-2ye4"},{"vulnerability":"VCID-m4qc-8d4v-dbe2"},{"vulnerability":"VCID-m5mp-zry4-wfew"},{"vulnerability":"VCID-m8ba-t6kp-3kcx"},{"vulnerability":"VCID-mdss-pw9y-7kh6"},{"vulnerability":"VCID-msr2-gsjh-1bat"},{"vulnerability":"VCID-mwj4-uf8p-e3bm"},{"vulnerability":"VCID-mwyx-q85j-93dk"},{"vulnerability":"VCID-n2xf-a53e-hkdn"},{"vulnerability":"VCID-n3c5-p4ah-e7e9"},{"vulnerability":"VCID-n77t-a476-8ye2"},{"vulnerability":"VCID-n7kf-616a-67bk"},{"vulnerability":"VCID-n8n3-2zmf-guhs"},{"vulnerability":"VCID-na8n-2vex-zfdb"},{"vulnerability":"VCID-nfvd-f7cc-tkhm"},{"vulnerability":"VCID-njf8-w51n-qkgp"},{"vulnerability":"VCID-nk7m-krnp-x3ej"},{"vulnerability":"VCID-nkkj-ue4v-3ueh"},{"vulnerability":"VCID-np53-nrkf-uyhe"},{"vulnerability":"VCID-p53z-23c4-sych"},{"vulnerability":"VCID-pbqc-njj8-1ucb"},{"vulnerability":"VCID-pe1f-8yv2-a7gn"},{"vulnerability":"VCID-pecx-xt79-1kht"},{"vulnerability":"VCID-pjra-aaxs-ybek"},{"vulnerability":"VCID-pm3t-c8dr-zkhy"},{"vulnerability":"VCID-pnky-1fgw-mkdb"},{"vulnerability":"VCID-psme-ems8-17e8"},{"vulnerability":"VCID-pu7g-crjz-27c6"},{"vulnerability":"VCID-pudw-8fpm-abak"},{"vulnerability":"VCID-pxsn-dddj-a3hp"},{"vulnerability":"VCID-pyut-62r7-6fgp"},{"vulnerability":"VCID-q18t-kkbk-j3er"},{"vulnerability":"VCID-q6h5-e93e-j3d7"},{"vulnerability":"VCID-qcrw-m7k3-ubgm"},{"vulnerability":"VCID-qhdq-m4mz-hyc1"},{"vulnerability":"VCID-qmnc-zfxh-87g4"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-qqz4-uy33-qya2"},{"vulnerability":"VCID-qt48-xw6x-nudj"},{"vulnerability":"VCID-qt8t-f9xc-qbgp"},{"vulnerability":"VCID-qu81-grr8-x7af"},{"vulnerability":"VCID-qujt-gddx-ckbm"},{"vulnerability":"VCID-qwws-3gm7-ubfu"},{"vulnerability":"VCID-qx6n-dk9c-8yd3"},{"vulnerability":"VCID-qysu-d14g-j7hh"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-r9at-m759-wua3"},{"vulnerability":"VCID-rc3c-ycw2-nbcu"},{"vulnerability":"VCID-rffw-fgxm-1ue9"},{"vulnerability":"VCID-rm55-3hs1-23b4"},{"vulnerability":"VCID-rnd8-vrah-d7fs"},{"vulnerability":"VCID-rr2j-c7md-57gj"},{"vulnerability":"VCID-s45u-hr8t-gffq"},{"vulnerability":"VCID-sb3c-wxqd-akg3"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-skbd-d6ks-uqe4"},{"vulnerability":"VCID-sqr6-smfg-uqdy"},{"vulnerability":"VCID-sqxg-9akn-j7az"},{"vulnerability":"VCID-svyq-6gm7-efez"},{"vulnerability":"VCID-t14t-27xx-83g3"},{"vulnerability":"VCID-t2b3-n8xb-k3fn"},{"vulnerability":"VCID-t7nn-6cy7-2yak"},{"vulnerability":"VCID-t8uj-crn4-4qej"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-tfmw-ee3j-xuax"},{"vulnerability":"VCID-tg1c-vs9g-8ya8"},{"vulnerability":"VCID-tgnw-vne2-2kc1"},{"vulnerability":"VCID-tm7a-1rzn-5yak"},{"vulnerability":"VCID-tm94-jwz9-kkd6"},{"vulnerability":"VCID-ts15-y9qj-13e9"},{"vulnerability":"VCID-ttg2-j7x3-m7de"},{"vulnerability":"VCID-tyz3-w2hm-gqg7"},{"vulnerability":"VCID-ua3s-nu49-r3c3"},{"vulnerability":"VCID-uass-9jcc-x3f5"},{"vulnerability":"VCID-ub5p-bp37-hff5"},{"vulnerability":"VCID-umc5-sf9t-p7h6"},{"vulnerability":"VCID-unkk-dpkx-mkhk"},{"vulnerability":"VCID-utnp-5swq-4qan"},{"vulnerability":"VCID-uxkz-gf1t-kua1"},{"vulnerability":"VCID-uztv-hr8t-dyeu"},{"vulnerability":"VCID-v3g3-zvr2-3khy"},{"vulnerability":"VCID-v3u2-k16m-9kdp"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-vce7-4bp4-k3bq"},{"vulnerability":"VCID-vcyc-ydxy-9bbh"},{"vulnerability":"VCID-vh9v-4d1k-5ygk"},{"vulnerability":"VCID-vpee-kdhr-xuf3"},{"vulnerability":"VCID-vrd4-ue7s-queb"},{"vulnerability":"VCID-vwzy-r5v5-mfbk"},{"vulnerability":"VCID-vz6e-zxhj-8fa7"},{"vulnerability":"VCID-w49b-cbcg-abat"},{"vulnerability":"VCID-w816-x4a9-h7fq"},{"vulnerability":"VCID-wbf3-5k7u-x7ap"},{"vulnerability":"VCID-wje6-u94m-h3d5"},{"vulnerability":"VCID-wks9-hb2x-f7et"},{"vulnerability":"VCID-wnuj-9531-h7ac"},{"vulnerability":"VCID-wwx4-qepr-6ue8"},{"vulnerability":"VCID-wy1e-xtu7-v3ah"},{"vulnerability":"VCID-wy7x-h8yp-6kcs"},{"vulnerability":"VCID-wz6y-gpz9-sqfp"},{"vulnerability":"VCID-x5a1-bdbv-2fbv"},{"vulnerability":"VCID-x66k-fdng-tfan"},{"vulnerability":"VCID-x9wb-z2ae-q7b2"},{"vulnerability":"VCID-xbkn-rk3f-33hw"},{"vulnerability":"VCID-xdcp-b977-e3bm"},{"vulnerability":"VCID-xdtj-kyur-ffg6"},{"vulnerability":"VCID-xhej-v61s-vkht"},{"vulnerability":"VCID-xr48-nm9h-fkds"},{"vulnerability":"VCID-xsbb-51rw-p7e8"},{"vulnerability":"VCID-xttb-bfmd-uyfh"},{"vulnerability":"VCID-xv1n-1wbt-8ydw"},{"vulnerability":"VCID-xw16-zng9-bug2"},{"vulnerability":"VCID-xwcc-bu96-4bhf"},{"vulnerability":"VCID-xyap-5sgd-2ydq"},{"vulnerability":"VCID-xyug-3ymm-gqfq"},{"vulnerability":"VCID-y1tn-gnuu-dqg1"},{"vulnerability":"VCID-y3jr-1k58-9ye8"},{"vulnerability":"VCID-y3nq-a16d-ebam"},{"vulnerability":"VCID-y493-unyv-33bw"},{"vulnerability":"VCID-y5fh-j64j-8ygt"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-y922-jg2a-6fff"},{"vulnerability":"VCID-y927-u929-17bd"},{"vulnerability":"VCID-ye9d-bzdx-bbeq"},{"vulnerability":"VCID-yjb1-4y48-a7g6"},{"vulnerability":"VCID-ymb1-z8vm-vfa8"},{"vulnerability":"VCID-yn9a-p67j-c7dk"},{"vulnerability":"VCID-yqjc-khg8-uyb4"},{"vulnerability":"VCID-yrgt-62vk-x3bn"},{"vulnerability":"VCID-yx7v-h35b-vuen"},{"vulnerability":"VCID-z2b6-nmg2-1ue8"},{"vulnerability":"VCID-z38e-4ju1-7ydy"},{"vulnerability":"VCID-z438-846q-27f3"},{"vulnerability":"VCID-z4z4-3e3q-zbfy"},{"vulnerability":"VCID-z5ke-btzd-b7cx"},{"vulnerability":"VCID-z9dc-47q8-7kc8"},{"vulnerability":"VCID-zhf4-arnt-uqfx"},{"vulnerability":"VCID-zk8m-c8de-rqbn"},{"vulnerability":"VCID-zmfp-x82c-3kcd"},{"vulnerability":"VCID-zpr8-r9ee-xbev"},{"vulnerability":"VCID-zqds-fryf-tbgv"},{"vulnerability":"VCID-zw9g-abft-skg9"},{"vulnerability":"VCID-zwqw-xjzm-mbep"},{"vulnerability":"VCID-zxc5-3vhg-b3hw"},{"vulnerability":"VCID-zyta-2q43-5bae"},{"vulnerability":"VCID-zzub-kp8h-2kar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}],"aliases":["GHSA-9f72-qcpw-2hxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywq5-39mf-cfcc"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"}