OpenClaw vulnerability search results: 44 matches found (20 shown on this page)

[RedhatCVE] CVE-2026-4040 (added 2026/03/26 3:06 p.m.)
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVSS 5.5 | AI score 5.1 | EPSS 0.00019 | Exploits: 0 | References: 1

[EUVD] EUVD-2026-13308 (added 2026/03/19 10:07 p.m.)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...
CVSS 8.2 | AI score 6 | EPSS 0.00077 | Exploits: 0 | References: 3
[ATTACKERKB] CVE-2026-32030 (added 2026/03/19 10:07 p.m.)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...
CVSS 8.2 | AI score 6 | EPSS 0.00077 | Exploits: 0 | References: 4
[OSV] GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling (added 2026/03/19 3:30 a.m.)
Duplicate advisory: withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw; this link is maintained to preserve external references. Original description: OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...
CVSS 7.1 | AI score 6 | EPSS 0.00053 | Exploits: 0 | References: 5

[OSV] GHSA-8PX5-2GFR-7PH6 Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path (added 2026/03/19 3:30 a.m.)
Duplicate advisory: withdrawn because it is a duplicate of GHSA-fg3m-vhrr-8gj6; this link is maintained to preserve external references. Original description: OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's...
CVSS 5.8 | AI score 6 | EPSS 0.00039 | Exploits: 0 | References: 4

[ATTACKERKB] CVE-2026-31995 (added 2026/03/19 1:00 a.m.)
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVSS 5.8 | AI score 6 | EPSS 0.00039 | Exploits: 0 | References: 4 | Affected software: 1

[CVE] CVE-2026-22178 (added 2026/03/18 1:34 a.m.)
OpenClaw, vulnerable versions prior to 2026.2.19: the issue arises in stripBotMention, where RegExp objects are constructed from unescaped Feishu mention metadata, enabling regex injection and potential DoS. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to tr...
CVSS 8.2 | AI score 5.8 | EPSS 0.00065 | Exploits: 0 | References: 4 | Affected software: 1
[EUVD] EUVD-2026-11563 (added 2026/03/12 12:30 p.m.)
A vulnerability was found in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...
CVSS 6.5 | AI score 5.7 | EPSS 0.00117 | Exploits: 0 | References: 8

[OSV] GHSA-XJJ9-2W6F-JG55 Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure (added 2026/03/12 12:30 p.m.)
Duplicate advisory: withdrawn because it is a duplicate of GHSA-6c9j-x93c-rw6j; this link is maintained to preserve external references. Original description: A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of th...
CVSS 4.8 | AI score 5.1 | EPSS 0.00019 | Exploits: 0 | References: 8

[Github Security Blog] Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure (added 2026/03/12 12:30 p.m.)
Duplicate advisory: withdrawn because it is a duplicate of GHSA-6c9j-x93c-rw6j; this link is maintained to preserve external references. Original description: A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of th...
CVSS 5.5 | AI score 5.2 | EPSS 0.00019 | Exploits: 0 | References: 9 | Affected software: 1

[EUVD] EUVD-2026-11565 (added 2026/03/12 12:30 p.m.)
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVSS 4.8 | AI score 5.3 | EPSS 0.00019 | Exploits: 0 | References: 8

[OSV] CVE-2026-4040 (added 2026/03/12 12:15 p.m.)
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVSS 5.5 | AI score 5.2 | Exploits: 0 | References: 7

[ATTACKERKB] CVE-2026-4040 (added 2026/03/12 12:02 p.m.)
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVSS 4.8 | AI score 5.3 | EPSS 0.00019 | Exploits: 0 | References: 8

[CVE] CVE-2026-4040 (added 2026/03/12 12:02 p.m.)
OpenClaw (up to 2026.2.17) contains a local information exposure vulnerability in the File Existence Handler, specifically in tools.exec.safeBins. The attack requires local access and can disclose partial information. A fix is available in 2026.2.19-beta.1 (patch id bafdbb6f112409a65decd3d4e7350fbd63...
CVSS 5.5 | AI score 5.3 | EPSS 0.00019 | Exploits: 0 | References: 7 | Affected software: 1

[Vulnrichment] CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection (added 2026/03/12 12:02 p.m.)
A vulnerability was found in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...
CVSS 6.5 | AI score 5.7 | EPSS 0.00117 | Exploits: 0 | References: 7

[Positive Technologies] PT-2026-24945 (added 2026/03/12 12:00 a.m.)
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVSS 4.8 | AI score 5.3 | EPSS 0.00019 | Exploits: 0 | References: 9

[Snyk] Reliance on IP Address for Authentication (added 2026/03/04 7:17 p.m.)
Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Reliance on IP Address for Authentication in the authorizeCanvasRequest process. An attacker can gain unauthorized access to canvas endpoints and sensitive interface content by sending HT...
CVSS 7.6 | AI score 5.8 | Exploits: 0 | References: 2

[Snyk] Race Condition (added 2026/03/03 11:32 p.m.)
Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Race Condition in the updateRegistry and removeRegistryEntry processes. An attacker can cause loss of updates or restoration of deleted entries by performing concurrent operations that...
CVSS 6.9 | AI score 5.8 | EPSS 0.00035 | Exploits: 0 | References: 2
[Snyk] Command Injection (added 2026/03/03 11:19 p.m.)
Overview: @openclaw/lobster "Adds the lobster agent tool as an optional plugin tool". Affected versions of this package are vulnerable to Command Injection via the fallback process on Windows systems when certain spawn failures occur and shell: true is used. An attacker can execute arbitrary...
CVSS 7 | AI score 6 | EPSS 0.00039 | Exploits: 0 | References: 2
[Github Security Blog] OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks (added 2026/03/03 10:08 p.m.)
Summary: tools.exec.safeBins allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name. Affected packages/versions: package openclaw (npm); latest published version at triage time: 2026.2.17; ...
CVSS 7.8 | AI score 6.1 | EPSS 0.00017 | Exploits: 0 | References: 5 | Affected software: 1