
25 matches found

Snyk, added 2026/03/13 3:48 p.m., 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization through the sessions.reset entry point. An attacker can reset targeted conversation state by issuing specially crafted slash commands that exploit insufficient sco...

CVSS 6.9 | AI score 5.9 | EPSS 0.00018 | Exploits 0 | References 2
RedhatCVE, added 2026/02/21 1:30 a.m., 3 views

CVE-2026-27008

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

CVSS 6.8 | AI score 5.4 | EPSS 0.00007 | Exploits 0 | References 1
RedhatCVE, added 2026/02/21 1:30 a.m., 3 views

CVE-2026-27003

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 | AI score 5.6 | EPSS 0.00007 | Exploits 0 | References 1
Cvelist, added 2026/02/19 11:23 p.m., 19 views

CVE-2026-27008 OpenClaw hardened the skill download target directory validation

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

CVSS 6.8 | EPSS 0.00007 | Exploits 0 | References 4
ATTACKERKB, added 2026/02/19 11:23 p.m., 1 view

CVE-2026-27008

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

CVSS 6.8 | AI score 5.5 | EPSS 0.00007 | Exploits 0 | References 5 | Affected software 1
CVE, added 2026/02/19 11:14 p.m., 14 views

CVE-2026-27003

OpenClaw (npm package) is affected by CVE-2026-27003. The vulnerability stems from logging Telegram bot tokens in error messages/stack traces due to insufficient redaction, which can lead to token disclosure. Affected versions are those prior to 2026.2.15; upgrade to 2026.2.15 or later and rotate any bot tokens that may have been exposed. ...

CVSS 6.9 | AI score 5.7 | EPSS 0.00007 | Exploits 0 | References 2 | Affected software 1
Vulnrichment, added 2026/02/19 11:14 p.m., 4 views

CVE-2026-27003 OpenClaw: Telegram bot token exposure via logs

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00007 | Exploits 0 | References 2
Cvelist, added 2026/02/19 11:14 p.m., 20 views

CVE-2026-27003 OpenClaw: Telegram bot token exposure via logs

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 | EPSS 0.00007 | Exploits 0 | References 2
ATTACKERKB, added 2026/02/19 11:14 p.m., 5 views

CVE-2026-27003

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00007 | Exploits 0 | References 3 | Affected software 1
CVE, added 2026/02/19 11:12 p.m., 22 views

CVE-2026-27002

OpenClaw CVE-2026-27002 describes a configuration injection issue in the Docker tool sandbox that could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected software: OpenClaw prior to version 202...

CVSS 9.8 | AI score 5.5 | EPSS 0.00024 | Exploits 0 | References 3 | Affected software 1
OSV, added 2026/02/19 11:10 p.m., 2 views

CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example...

CVSS 8.6 | AI score 5.6 | EPSS 0.0001 | Exploits 0 | References 5
Vulnrichment, added 2026/02/19 11:10 p.m., 2 views

CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example...

CVSS 8.6 | AI score 5.6 | EPSS 0.0001 | Exploits 0 | References 3
CVE, added 2026/02/19 11:10 p.m., 8 views

CVE-2026-27001

OpenClaw (npm package) before version 2026.2.15 embeds the current working directory (workspace path) into the agent system prompt without sanitization. If the directory name contains control/format characters (e.g., newlines, Unicode bidi/zero-width markers), an attacker could craft inputs to br...

CVSS 8.6 | AI score 5.6 | EPSS 0.0001 | Exploits 0 | References 3 | Affected software 1
Cvelist, added 2026/02/19 11:10 p.m., 31 views

CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example...

CVSS 8.6 | EPSS 0.0001 | Exploits 0 | References 3
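
The four CVE-2026-27001 entries above describe the same failure: a directory name carrying newlines or Unicode bidi/zero-width markers is pasted verbatim into the system prompt, so the path can break out of its slot and read as an instruction. The following is an added example (Node.js JavaScript), not OpenClaw's own code, of the sanitisation step a prompt builder would apply. The function names and the `Workspace:` prompt line are assumptions for illustration.

```javascript
// Added example, not OpenClaw's code: sanitise the workspace path before it is
// interpolated into the agent system prompt. Names are assumptions.

// Characters that let a path break out of its slot in the prompt: C0/C1
// controls (newline, tab, ESC, NUL), Unicode line/paragraph separators,
// zero-width and bidi-override format characters, and the BOM.
const UNSAFE_RE = /[\u0000-\u001f\u007f-\u009f\u2028\u2029\u200b-\u200f\u202a-\u202e\u2060-\u2064\u2066-\u2069\ufeff]/g;

function sanitizePromptPath(p, maxLen = 256) {
  const original = String(p).normalize("NFC");
  // Replace rather than delete, so tampering stays visible in the prompt.
  let value = original.replace(UNSAFE_RE, "\ufffd");
  if (value.length > maxLen) value = value.slice(0, maxLen);
  return { value, tainted: value !== original };
}

function workspaceLine(cwd) {
  const { value, tainted } = sanitizePromptPath(cwd);
  // JSON.stringify quotes the value and escapes quotes/backslashes, so the
  // model sees one delimited literal instead of free text.
  const note = tainted ? " (path contained unsafe characters)" : "";
  return `Workspace: ${JSON.stringify(value)}${note}`;
}
```

The `tainted` flag is worth surfacing to the operator (a log line at warn level) and not only to the model: a workspace whose name contains a bidi override or an embedded "SYSTEM:" line is itself a signal that someone has been preparing the environment.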
Snyk, added 2026/02/19 7:41 p.m., 3 views

Use of Weak Hash

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 in the process that generates sandbox identifier cache keys for Docker or browser sandbox configuration. An attacker can cause one configuration t...

CVSS 9.1 | AI score 5.6 | EPSS 0.00019 | Exploits 0 | References 2
Snyk, added 2026/02/19 7:40 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the web_fetch tool. An attacker can cause the application to exhaust system memory or become unresponsive by tricking a user or...

CVSS 6.9 | AI score 5.7 | EPSS 0.00194 | Exploits 0 | References 2
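
The entry above is the classic unbounded-read problem: a fetch tool that buffers whatever the server sends lets one hostile URL exhaust memory or stall the assistant. The following is an added example (Node.js JavaScript), not OpenClaw's own code, of the two controls that close it: a header pre-check and a byte-counting body collector, wired into a fetch with a hard timeout. The option names (`maxBytes`, `timeoutMs`, `allowedTypes`) are assumptions; `fetch` and `AbortController` are the Node 18+ globals.

```javascript
// Added example, not OpenClaw's code: bound what a web-fetch tool will buffer
// so a hostile or huge page cannot exhaust memory or hang the assistant.
// Option names are assumptions; fetch/AbortController are Node 18+ globals.

function checkResponseHeaders(headers, { maxBytes, allowedTypes = ["text/", "application/json", "application/xml"] }) {
  const get = (name) => (typeof headers.get === "function" ? headers.get(name) : headers[name]) ?? null;
  const type = (get("content-type") || "").toLowerCase();
  if (!allowedTypes.some((t) => type.startsWith(t))) {
    return { ok: false, reason: `unsupported content-type "${type}"` };
  }
  // A declared size over the cap is refused before any body is read. A missing
  // or lying Content-Length is not trusted either: BoundedBody counts real bytes.
  const length = get("content-length");
  if (length !== null && Number(length) > maxBytes) {
    return { ok: false, reason: `content-length ${length} exceeds ${maxBytes} bytes` };
  }
  return { ok: true };
}

class BoundedBody {
  constructor(maxBytes) { this.maxBytes = maxBytes; this.chunks = []; this.size = 0; }
  // Returns the new size, or throws RangeError once the cap would be exceeded.
  push(chunk) {
    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
    if (this.size + buf.length > this.maxBytes) {
      throw new RangeError(`response body exceeds ${this.maxBytes} bytes`);
    }
    this.chunks.push(buf);
    this.size += buf.length;
    return this.size;
  }
  text() { return Buffer.concat(this.chunks, this.size).toString("utf8"); }
}

async function fetchBounded(url, { maxBytes = 2 * 1024 * 1024, timeoutMs = 10_000 } = {}) {
  const ac = new AbortController();
  const timer = setTimeout(() => ac.abort(new Error(`timeout after ${timeoutMs} ms`)), timeoutMs);
  try {
    const res = await fetch(url, { signal: ac.signal, redirect: "follow" });
    const verdict = checkResponseHeaders(res.headers, { maxBytes });
    if (!verdict.ok) throw new Error(verdict.reason);
    if (!res.body) return "";
    const body = new BoundedBody(maxBytes);
    const reader = res.body.getReader();
    try {
      for (;;) {
        const { value, done } = await reader.read();
        if (done) break;
        body.push(value); // stops a chunked or decompressed body the moment it passes the cap
      }
    } catch (err) {
      ac.abort(err); // tear the connection down instead of draining the rest
      throw err;
    }
    return body.text();
  } finally {
    clearTimeout(timer);
  }
}
```

The body counter is the control that actually holds: Content-Length is optional, and transparently decompressed responses report the compressed size, so only counting the bytes that arrive gives a real bound. The timeout covers the slow-drip case (a server that sends one byte every few seconds never trips the size cap).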
Positive Technologies, added 2026/02/19 12:00 a.m., 4 views

PT-2026-20968

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...

CVSS 4.8 | AI score 5.5 | EPSS 0.00006 | Exploits 0 | References 4
Positive Technologies, added 2026/02/19 12:00 a.m., 3 views

PT-2026-20906

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

CVSS 6.8 | AI score 5.5 | EPSS 0.00007 | Exploits 0 | References 6
Snyk, added 2026/02/18 10:43 p.m., 2 views

Origin Validation Error

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Origin Validation Error in the sessions_list, sessions_history, and sessions_send tools. An attacker can access sensitive transcript content from peer sessions by exploiting insufficient...

CVSS 6.9 | AI score 5.7 | EPSS 0.00003 | Exploits 0 | References 3
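
Two entries on this page are session-scope authorization failures: the first (Incorrect Authorization, `sessions.reset`) lets a crafted slash command reset a conversation the caller should not control, and the one above lets the session tools read transcripts from peer sessions. Both descriptions are cut off before the exact scope rule, so the following is an added example (Node.js JavaScript), not OpenClaw's own code, of a single scope check that both code paths would share. The session-key layout `<agentId>:<channel>:<peerKind>:<peerId>`, the `visibility` policy values and the `role` field are assumptions for illustration.

```javascript
// Added example, not OpenClaw's code. Scope check shared by the session tools
// (list/history/send) and the reset command. Key layout, policy values and
// the role field are assumptions.
function parseSessionKey(key) {
  const parts = String(key).split(":");
  if (parts.length !== 4 || parts.some((p) => p.length === 0)) return null;
  const [agentId, channel, peerKind, peerId] = parts;
  return { agentId, channel, peerKind, peerId };
}

// caller: { sessionKey, role }   policy: { visibility: "self" | "agent" }
// action: "list" | "history" | "send" | "reset"
function authorizeSessionAccess(caller, targetKey, action, policy = { visibility: "self" }) {
  const own = parseSessionKey(caller.sessionKey);
  const target = parseSessionKey(targetKey);
  if (!own || !target) return { allowed: false, reason: "malformed session key" };
  if (caller.role === "admin") return { allowed: true, reason: "admin" };

  const sameSession = caller.sessionKey === targetKey;
  // Destructive actions are never applied to a peer session on a user's say-so,
  // whatever the read visibility policy says.
  if (action === "reset") {
    return sameSession
      ? { allowed: true, reason: "own session" }
      : { allowed: false, reason: "reset is limited to the caller's own session" };
  }

  // Compare parsed components, not raw string prefixes: a startsWith("main")
  // check would also match agent "main2".
  const sameAgent = own.agentId === target.agentId;
  switch (policy.visibility) {
    case "self":
      return sameSession ? { allowed: true, reason: "own session" }
                         : { allowed: false, reason: "peer sessions hidden by policy" };
    case "agent":
      return sameAgent ? { allowed: true, reason: "same agent scope" }
                       : { allowed: false, reason: "cross-agent access denied" };
    default:
      return { allowed: false, reason: `unknown visibility "${policy.visibility}"` };
  }
}

// What a sessions_list implementation would do with a candidate set.
function filterVisibleSessions(caller, keys, policy) {
  return keys.filter((k) => authorizeSessionAccess(caller, k, "list", policy).allowed);
}
```

The point of routing every session tool and the reset command through one function is that the list, history and send paths cannot drift apart: a session that is hidden from `sessions_list` is also unreadable through `sessions_history` and unreachable through `sessions_send`, and a slash command that names a peer session explicitly is refused by the same rule that hides it.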
Github Security Blog, added 2026/02/18 10:43 p.m., 10 views

OpenClaw: Telegram bot token exposure via logs

Vulnerability: Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... OpenClaw previously logged these strings without redaction, which could leak the bot token into logs, crash reports, CI output, or support...

CVSS 6.9 | AI score 5.6 | EPSS 0.00007 | Exploits 0 | References 4 | Affected software 1
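
CVE-2026-27003 appears six times on this page, always with the same mechanism: the Bot API URL embeds the token (`https://api.telegram.org/bot<token>/<method>`), so any error that quotes the URL carries the credential into logs, crash reports and CI output. The following is an added example (Node.js JavaScript), not OpenClaw's own code, of redaction applied at the logging boundary rather than at each call site. The helper names are assumptions; the token shape (`<numeric id>:<secret>`) and the URL form are Telegram's.

```javascript
// Added example, not OpenClaw's code: scrub Telegram bot tokens from anything
// about to be logged. Helper names are assumptions.

// Token inside a Bot API URL: redact everything between "/bot" and the next "/".
const TOKEN_IN_URL_RE = /(https?:\/\/api\.telegram\.org\/bot)[^/\s"'`]+/gi;
// Bare token: 6+ digit bot id, colon, 30+ chars of the Telegram secret alphabet.
const BARE_TOKEN_RE = /\b(\d{6,12}):[A-Za-z0-9_-]{30,}(?![A-Za-z0-9_-])/g;

function redactTelegramTokens(text) {
  return String(text)
    .replace(TOKEN_IN_URL_RE, "$1[REDACTED]")
    .replace(BARE_TOKEN_RE, "$1:[REDACTED]");
}

// Errors carry the token twice: in `message` and again inside `stack`.
function redactError(err, seen = new WeakSet()) {
  const out = new Error(redactTelegramTokens(err.message));
  out.name = err.name;
  out.stack = redactTelegramTokens(err.stack || "");
  if (err.cause !== undefined) out.cause = redactValue(err.cause, seen);
  return out;
}

// Walk arbitrary log arguments (strings, errors, nested objects) and scrub
// every string leaf; cycles are cut rather than followed.
function redactValue(v, seen = new WeakSet()) {
  if (typeof v === "string") return redactTelegramTokens(v);
  if (v instanceof Error) return redactError(v, seen);
  if (v === null || typeof v !== "object") return v;
  if (seen.has(v)) return "[Circular]";
  seen.add(v);
  if (Array.isArray(v)) return v.map((x) => redactValue(x, seen));
  return Object.fromEntries(Object.entries(v).map(([k, x]) => [k, redactValue(x, seen)]));
}

// Wrap a console-like logger so redaction happens before formatting.
function redactingLogger(base = console) {
  const wrap = (level) => (...args) => base[level](...args.map((a) => redactValue(a)));
  return { debug: wrap("debug"), info: wrap("info"), warn: wrap("warn"), error: wrap("error") };
}
```

Redacting at the logger is what makes the fix hold across future code: a new call site that logs a raw fetch error is still covered. The two patterns are deliberately separate, because the URL form is easy to match exactly while the bare form has to be loose enough to catch a token that was concatenated into a message on its own. As the CVE entries note, a token that has already been written to a log is compromised and should be rotated, not merely scrubbed.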