CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

CVE-2026-32036

OpenClaw gateway plugin (versions before 2026.2.26) is affected by a path traversal flaw in /api/channels that lets an attacker bypass route authentication by using encoded dot-segment traversal. The underlying issue arises when path normalization does not block alternate paths, enabling access t...

CVE-2026-32036 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...

CVE-2026-32036

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...

CVE-2026-32031

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

CVE-2026-32031

CVE-2026-32031 affects OpenClaw server-http prior to 2026.2.26. The issue is an authentication bypass in gateway authentication for plugin channel endpoints caused by a path canonicalization mismatch between the gateway guard and the plugin handler routing. This allows attackers to bypass authent...

CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.26 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the Signal group permission list policy, which could allow unauthorized acce...

GHSA-V8CG-4474-49V8 OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers

Summary Slack member and message subtype system events messagechanged, messagedeleted, threadbroadcast were not consistently enforcing sender authorization before enqueueing system events. Affected Packages / Versions - Package: openclaw npm - Latest published version: 2026.2.25 - Affected range:...

GHSA-QCC4-P59M-P54M OpenClaw: Sandbox dangling-symlink alias handling could bypass workspace-only write boundary

Summary A sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even when they could resolve outside the workspace/sandbox root. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.25 - Late...

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the workspace path validation. An attacker can gain unauthorized access to files and potentially modify or create files outside the intended workspace boundary by...

OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback

Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...

GHSA-MWXV-35WR-4VVJ OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...

GHSA-R65X-2HQR-J5HF OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy

Summary A paired node device could reconnect with spoofed platform/deviceFamily metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature. Affected Packages / Versions - Package:...

PT-2026-26408

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description OpenClaw is affected by an authorization bypass issue where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. This cross-context authorization flaw...

PT-2026-26417

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The OpenClaw gateway plugin contains a path traversal issue that allows remote attackers to bypass route authentication checks. This is achieved by manipulating the /api/channels paths with...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the group allowlist authorization. An attacker can gain unauthorized access to group communications by leveraging DM pairing-store approvals to bypass explicit...

GHSA-392F-GGF5-FP3C OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

Summary A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact This is a policy-bypass issue within the paired-node trust boundary and...