{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","type":"npm","namespace":"","name":"openclaw","version":"2026.2.19","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2026.2.21","latest_non_vulnerable_version":"2026.3.11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50284?format=json","vulnerability_id":"VCID-1b9k-hn2z-syc6","summary":"OpenClaw: Reject symlinks in local skill packaging script\n- Potential unintentional disclosure of local files from the packaging machine into a generated `.skill` artifact.\n- Requires local execution of the packaging script on attacker-controlled skill contents.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c275932aa4230fb7a8212fe1b9d2a18424874b3f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/c275932aa4230fb7a8212fe1b9d2a18424874b3f"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0"},{"reference_url":"https://github.com/openclaw/openclaw/pull/20796","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/pull/20796"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27485","reference_id":"CVE-2026-27485","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27485"},{"reference_url":"https://github.com/advisories/GHSA-r6h2-5gqq-v5v6","reference_id":"GHSA-r6h2-5gqq-v5v6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r6h2-5gqq-v5v6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6h2-5gqq-v5v6","reference_id":"GHSA-r6h2-5gqq-v5v6","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6h2-5gqq-v5v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-27485","GHSA-r6h2-5gqq-v5v6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b9k-hn2z-syc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50635?format=json","vulnerability_id":"VCID-2mpv-yh7x-93dx","summary":"OpenClaw has command injection via Windows shell fallback in Lobster tool execution\nThe Lobster extension tool execution path used a Windows shell fallback (`shell: true`) after spawn failures (`EINVAL`/`ENOENT`). In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ba7be018da354ea9f803ed356d20464df0437916","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/ba7be018da354ea9f803ed356d20464df0437916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32000","reference_id":"CVE-2026-32000","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32000"},{"reference_url":"https://github.com/advisories/GHSA-7fcc-cw49-xm78","reference_id":"GHSA-7fcc-cw49-xm78","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7fcc-cw49-xm78"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7fcc-cw49-xm78","reference_id":"GHSA-7fcc-cw49-xm78","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7fcc-cw49-xm78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-32000","GHSA-7fcc-cw49-xm78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mpv-yh7x-93dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50244?format=json","vulnerability_id":"VCID-53zm-kz15-53en","summary":"OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-safebins-stdin-only-bypass-via-sort-output-and-recursive-grep-flags","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-safebins-stdin-only-bypass-via-sort-output-and-recursive-grep-flags"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31996","reference_id":"CVE-2026-31996","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31996"},{"reference_url":"https://github.com/advisories/GHSA-4685-c5cp-vp95","reference_id":"GHSA-4685-c5cp-vp95","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4685-c5cp-vp95"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95","reference_id":"GHSA-4685-c5cp-vp95","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-31996","GHSA-4685-c5cp-vp95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53zm-kz15-53en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50537?format=json","vulnerability_id":"VCID-56t4-p2fe-guhg","summary":"OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows\nIn authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2777d8ad91ef1e8a7c6f5b4b18f8507be7d02914","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/2777d8ad91ef1e8a7c6f5b4b18f8507be7d02914"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3d7ad1cfca4daaa84cd553e843e0e08fa6201349","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/3d7ad1cfca4daaa84cd553e843e0e08fa6201349"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a40c10d3e24568b1e2947c104484be74bf66b8d2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/a40c10d3e24568b1e2947c104484be74bf66b8d2"},{"reference_url":"https://github.com/advisories/GHSA-2hm8-rqrm-xfjq","reference_id":"GHSA-2hm8-rqrm-xfjq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hm8-rqrm-xfjq"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq","reference_id":"GHSA-2hm8-rqrm-xfjq","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-2hm8-rqrm-xfjq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56t4-p2fe-guhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50540?format=json","vulnerability_id":"VCID-8zsd-p6pb-57cg","summary":"OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()\nOpenClaw’s Feishu media download flow used untrusted Feishu media keys (`imageKey` / `fileKey`) when building temporary file paths in `extensions/feishu/src/media.ts`.\nBecause those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside `os.tmpdir()`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/c821099157a9767d4df208c6b12f214946507871"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/cdb00fe2428000e7a08f9b7848784a0049176705"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/ec232a9e2dff60f0e3d7e827a7c868db5254473f"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-path-traversal-in-feishu-media-temporary-file-naming"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22171","reference_id":"CVE-2026-22171","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22171"},{"reference_url":"https://github.com/advisories/GHSA-vj3g-5px3-gr46","reference_id":"GHSA-vj3g-5px3-gr46","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vj3g-5px3-gr46"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46","reference_id":"GHSA-vj3g-5px3-gr46","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vj3g-5px3-gr46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-22171","GHSA-vj3g-5px3-gr46"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zsd-p6pb-57cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50675?format=json","vulnerability_id":"VCID-944r-f4rv-hqa1","summary":"OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP\nOpenClaw's SSRF hostname/IP guard did not detect ISATAP embedded IPv4 addresses (`...:5efe:w.x.y.z`). A crafted URL containing an ISATAP IPv6 literal could embed a private IPv4 target (for example loopback) and bypass private-address filtering in URL-fetching paths.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/d51929ecb52fe65e90bf36795f4247feb29eb8aa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/d51929ecb52fe65e90bf36795f4247feb29eb8aa"},{"reference_url":"https://github.com/advisories/GHSA-8cp7-rp8r-mg77","reference_id":"GHSA-8cp7-rp8r-mg77","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8cp7-rp8r-mg77"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8cp7-rp8r-mg77","reference_id":"GHSA-8cp7-rp8r-mg77","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8cp7-rp8r-mg77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-8cp7-rp8r-mg77"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-944r-f4rv-hqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50647?format=json","vulnerability_id":"VCID-98q9-br8r-b3c1","summary":"OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)\nRemote iMessage attachment fetches used SCP with trust-on-first-use host-key behavior and accepted unvalidated remote host tokens.\n\nBefore the fix:\n- SCP used `StrictHostKeyChecking=accept-new` in the remote attachment path.\n- `channels.imessage.remoteHost` was not validated as a strict SSH host token.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/49d0def6d1e88f002026b1d2a35aa615d48a751a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/49d0def6d1e88f002026b1d2a35aa615d48a751a"},{"reference_url":"https://github.com/advisories/GHSA-2mc2-g238-722j","reference_id":"GHSA-2mc2-g238-722j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mc2-g238-722j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2mc2-g238-722j","reference_id":"GHSA-2mc2-g238-722j","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2mc2-g238-722j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-2mc2-g238-722j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98q9-br8r-b3c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50529?format=json","vulnerability_id":"VCID-b2ua-kc68-xkgj","summary":"OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling\nOpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated `gateway.cmd` files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task runs.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/280c6b117b2f0e24f398e5219048cd4cc3b82396","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/280c6b117b2f0e24f398e5219048cd4cc3b82396"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-local-command-injection-via-unsafe-cmd-argument-handling-in-windows-scheduled-task","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-local-command-injection-via-unsafe-cmd-argument-handling-in-windows-scheduled-task"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31994","reference_id":"CVE-2026-31994","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31994"},{"reference_url":"https://github.com/advisories/GHSA-mqr9-vqhq-3jxw","reference_id":"GHSA-mqr9-vqhq-3jxw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mqr9-vqhq-3jxw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mqr9-vqhq-3jxw","reference_id":"GHSA-mqr9-vqhq-3jxw","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mqr9-vqhq-3jxw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-31994","GHSA-mqr9-vqhq-3jxw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2ua-kc68-xkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50618?format=json","vulnerability_id":"VCID-ct6t-c3vp-4ydg","summary":"OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks\n`tools.exec.safeBins` allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32015","reference_id":"CVE-2026-32015","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32015"},{"reference_url":"https://github.com/advisories/GHSA-g75x-8qqm-2vxp","reference_id":"GHSA-g75x-8qqm-2vxp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g75x-8qqm-2vxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp","reference_id":"GHSA-g75x-8qqm-2vxp","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-32015","GHSA-g75x-8qqm-2vxp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct6t-c3vp-4ydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50555?format=json","vulnerability_id":"VCID-dzzs-swfj-jqch","summary":"OpenClaw's serialize sandbox registry writes to prevent races and delete-rollback corruption\nConcurrent `updateRegistry`/`removeRegistryEntry` operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions.\n\nThe registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry updates could produce stale snapshots and overwrite each other.\n\nThat desyncs sandbox state and can affect `sandbox list`, `sandbox prune`, and `sandbox recreate --all` behavior.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cc29be8c9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/cc29be8c9"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cc29be8c9bcdfaecb90f0ab13124c8f5362a6741","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/cc29be8c9bcdfaecb90f0ab13124c8f5362a6741"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-race-condition-in-sandbox-registry-write-operations","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-race-condition-in-sandbox-registry-write-operations"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32018","reference_id":"CVE-2026-32018","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32018"},{"reference_url":"https://github.com/advisories/GHSA-gq83-8q7q-9hfx","reference_id":"GHSA-gq83-8q7q-9hfx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gq83-8q7q-9hfx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gq83-8q7q-9hfx","reference_id":"GHSA-gq83-8q7q-9hfx","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gq83-8q7q-9hfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-32018","GHSA-gq83-8q7q-9hfx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzzs-swfj-jqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50577?format=json","vulnerability_id":"VCID-e6vw-nk4b-nyed","summary":"OpenClaw plugin runtime command execution is part of trusted plugin boundary\nOpenClaw plugins/extensions run in-process and are treated as trusted code. This advisory tracks trust-boundary clarification around plugin runtime command execution (`runtime.system.runCommandWithTimeout`).","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2e421f32dfc589c02706265fd3c3137ffc06c4b1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/2e421f32dfc589c02706265fd3c3137ffc06c4b1"},{"reference_url":"https://github.com/advisories/GHSA-ff98-w8hj-qrxf","reference_id":"GHSA-ff98-w8hj-qrxf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ff98-w8hj-qrxf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ff98-w8hj-qrxf","reference_id":"GHSA-ff98-w8hj-qrxf","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-ff98-w8hj-qrxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-ff98-w8hj-qrxf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6vw-nk4b-nyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50276?format=json","vulnerability_id":"VCID-kq6j-fxgz-87gw","summary":"OpenClaw hardened cron webhook delivery against SSRF\n## Affected Packages / Versions\n\n- `openclaw` npm package versions `<= 2026.2.17`.\n\n## Vulnerability\nCron webhook delivery in `src/gateway/server-cron.ts` used `fetch()` directly, so webhook targets could reach private/metadata/internal endpoints without SSRF policy checks.\n\n## Fix Commit(s)\n- `99db4d13e`\n- `35851cdaf`\n\nThanks @Adam55A-code for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/99db4d13e5c139883ef0def9ff963e9273179655"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27488","reference_id":"CVE-2026-27488","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27488"},{"reference_url":"https://github.com/advisories/GHSA-w45g-5746-x9fp","reference_id":"GHSA-w45g-5746-x9fp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w45g-5746-x9fp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp","reference_id":"GHSA-w45g-5746-x9fp","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-27488","GHSA-w45g-5746-x9fp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kq6j-fxgz-87gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50487?format=json","vulnerability_id":"VCID-m1qu-4h8f-6udw","summary":"OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction\n`extensions/feishu/src/bot.ts` constructed `new RegExp()` directly from Feishu mention metadata (`mention.name`, `mention.key`) in `stripBotMention()` without escaping regex metacharacters.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/74268489137510b6f6349919d1e197b17290d92c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/74268489137510b6f6349919d1e197b17290d92c"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7e67ab75cc2f0e93569d12fecd1411c2961fcc8c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/7e67ab75cc2f0e93569d12fecd1411c2961fcc8c"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-redos-and-regex-injection-via-unescaped-feishu-mention-metadata","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-redos-and-regex-injection-via-unescaped-feishu-mention-metadata"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22178","reference_id":"CVE-2026-22178","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22178"},{"reference_url":"https://github.com/advisories/GHSA-c6hr-w26q-c636","reference_id":"GHSA-c6hr-w26q-c636","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c6hr-w26q-c636"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c6hr-w26q-c636","reference_id":"GHSA-c6hr-w26q-c636","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c6hr-w26q-c636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-22178","GHSA-c6hr-w26q-c636"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1qu-4h8f-6udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50651?format=json","vulnerability_id":"VCID-nz4n-xd33-63am","summary":"OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint\nWhen the optional Chrome extension relay is enabled, `/extension` accepted unauthenticated WebSocket upgrades while `/json/*` and `/cdp` required auth.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7e54b6c96feb1a5c30884f2b32037b8dadd0e532","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/7e54b6c96feb1a5c30884f2b32037b8dadd0e532"},{"reference_url":"https://github.com/advisories/GHSA-pfv7-rr5m-qmv6","reference_id":"GHSA-pfv7-rr5m-qmv6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pfv7-rr5m-qmv6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pfv7-rr5m-qmv6","reference_id":"GHSA-pfv7-rr5m-qmv6","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pfv7-rr5m-qmv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-pfv7-rr5m-qmv6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nz4n-xd33-63am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50286?format=json","vulnerability_id":"VCID-ppsm-b5qs-23f6","summary":"OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs\n- Local ACP sessions may become less responsive when very large prompts are submitted\n- Larger-than-expected model usage/cost when oversized text is forwarded\n- No privilege escalation and no direct remote attack path in the default ACP model","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c"},{"reference_url":"https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a"},{"reference_url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27576","reference_id":"CVE-2026-27576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27576"},{"reference_url":"https://github.com/advisories/GHSA-cxpw-2g23-2vgw","reference_id":"GHSA-cxpw-2g23-2vgw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cxpw-2g23-2vgw"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw","reference_id":"GHSA-cxpw-2g23-2vgw","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-27576","GHSA-cxpw-2g23-2vgw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppsm-b5qs-23f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50611?format=json","vulnerability_id":"VCID-qkne-9qte-6bev","summary":"OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write\nOpenClaw `exec` allowlist/safeBins policy could be bypassed with attached short-option payloads (for example `sort -o/tmp/poc`), enabling file-write operations while still satisfying safeBins checks.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754"},{"reference_url":"https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc"},{"reference_url":"https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32017","reference_id":"CVE-2026-32017","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32017"},{"reference_url":"https://github.com/advisories/GHSA-3x3x-h76w-hp98","reference_id":"GHSA-3x3x-h76w-hp98","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3x3x-h76w-hp98"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98","reference_id":"GHSA-3x3x-h76w-hp98","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-32017","GHSA-3x3x-h76w-hp98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkne-9qte-6bev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50254?format=json","vulnerability_id":"VCID-sf68-9pef-a7dx","summary":"OpenClaw safeBins file-existence oracle information disclosure\nAn information disclosure vulnerability in OpenClaw's `tools.exec.safeBins` approval flow allowed a file-existence oracle.\n\nWhen safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker could probe for file presence by comparing outcomes for existing vs non-existing filenames.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4040","reference_id":"CVE-2026-4040","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4040"},{"reference_url":"https://github.com/advisories/GHSA-6c9j-x93c-rw6j","reference_id":"GHSA-6c9j-x93c-rw6j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6c9j-x93c-rw6j"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j","reference_id":"GHSA-6c9j-x93c-rw6j","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-4040","GHSA-6c9j-x93c-rw6j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf68-9pef-a7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50567?format=json","vulnerability_id":"VCID-t4q7-dgjk-nyef","summary":"OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation\nA command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into `gateway.cmd` using unquoted `set KEY=VALUE`, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment context.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/dafe52e8cf1a041d898cfb304a485fa05e5f58fb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/dafe52e8cf1a041d898cfb304a485fa05e5f58fb"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-command-injection-via-unescaped-environment-variables-in-windows-scheduled-task","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-command-injection-via-unescaped-environment-variables-in-windows-scheduled-task"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22176","reference_id":"CVE-2026-22176","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22176"},{"reference_url":"https://github.com/advisories/GHSA-pj5x-38rw-6fph","reference_id":"GHSA-pj5x-38rw-6fph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj5x-38rw-6fph"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pj5x-38rw-6fph","reference_id":"GHSA-pj5x-38rw-6fph","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-pj5x-38rw-6fph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-22176","GHSA-pj5x-38rw-6fph"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4q7-dgjk-nyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50614?format=json","vulnerability_id":"VCID-xrcg-kjac-nyeb","summary":"OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path\nOn Windows, the Lobster extension previously retried certain spawn failures (`ENOENT`/`EINVAL`) with `shell: true` for wrapper compatibility. In that fallback path, tool-provided arguments could be interpreted by `cmd.exe` if fallback was triggered.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/ba7be018da354ea9f803ed356d20464df0437916","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/ba7be018da354ea9f803ed356d20464df0437916"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-command-injection-via-windows-shell-fallback-in-lobster-extension","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-command-injection-via-windows-shell-fallback-in-lobster-extension"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31995","reference_id":"CVE-2026-31995","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31995"},{"reference_url":"https://github.com/advisories/GHSA-fg3m-vhrr-8gj6","reference_id":"GHSA-fg3m-vhrr-8gj6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fg3m-vhrr-8gj6"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fg3m-vhrr-8gj6","reference_id":"GHSA-fg3m-vhrr-8gj6","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fg3m-vhrr-8gj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-31995","GHSA-fg3m-vhrr-8gj6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrcg-kjac-nyeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50697?format=json","vulnerability_id":"VCID-y7pk-hj2p-jbgb","summary":"ZDI-CAN-29311: OpenClaw Canvas Authentication Bypass Vulnerability\n\n-- ABSTRACT -------------------------------------\n\nTrend Micro's Zero Day Initiative has identified a vulnerability affecting the following products:\nOpenClaw - OpenClaw\n\n-- VULNERABILITY DETAILS ------------------------\n* Version tested: openclaw 2026.2.17\n* Platform tested: macOS 26.3\n\n---","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c45f3c5b004c8d63dc0e282e2176f8c9355d24f1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/c45f3c5b004c8d63dc0e282e2176f8c9355d24f1"},{"reference_url":"https://github.com/advisories/GHSA-vvjh-f6p9-5vcf","reference_id":"GHSA-vvjh-f6p9-5vcf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vvjh-f6p9-5vcf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf","reference_id":"GHSA-vvjh-f6p9-5vcf","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["GHSA-vvjh-f6p9-5vcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7pk-hj2p-jbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50605?format=json","vulnerability_id":"VCID-z6fq-a91m-6fa3","summary":"OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia\nWhen iMessage remote attachment fetching is enabled (`channels.imessage.remoteHost`), `stageSandboxMedia` accepted arbitrary absolute paths and used SCP to copy them into local staging.\n\nIf a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the remote host can be staged.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1316e5740382926e45a42097b4bfe0aef7d63e8e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/commit/1316e5740382926e45a42097b4bfe0aef7d63e8e"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-sensitive-file-disclosure-via-stagesandboxmedia-path-traversal","reference_id":"","reference_type":"","scores":[],"url":"https://www.vulncheck.com/advisories/openclaw-sensitive-file-disclosure-via-stagesandboxmedia-path-traversal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32030","reference_id":"CVE-2026-32030","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32030"},{"reference_url":"https://github.com/advisories/GHSA-x9cf-3w63-rpq9","reference_id":"GHSA-x9cf-3w63-rpq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x9cf-3w63-rpq9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x9cf-3w63-rpq9","reference_id":"GHSA-x9cf-3w63-rpq9","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x9cf-3w63-rpq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74146?format=json","purl":"pkg:npm/openclaw@2026.2.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}],"aliases":["CVE-2026-32030","GHSA-x9cf-3w63-rpq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6fq-a91m-6fa3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19"}