21 matches found

EUVD
added 2026/04/27 11:24 p.m. | 3 views

EUVD-2026-25943

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

CVSS 6 | AI score 5.4 | EPSS 0.00058
Exploits 0 | References 2
Positive Technologies
added 2026/04/27 12:00 a.m. | 3 views

PT-2026-35551

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload image operations to read arbitrary files outside...

CVSS 6 | AI score 5.4 | EPSS 0.00058
Exploits 0 | References 3
Cvelist
added 2026/04/10 4:03 p.m. | 20 views

CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

CVSS 5.3 | EPSS 0.00033
Exploits 0 | References 3
Github Security Blog
added 2026/04/07 6:10 p.m. | 5 views

OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config

Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real shipped malicious-workspace-config env injection in the CLI backend runner, fixed by sanitizing backend...

CVSS 8.8 | AI score 5.9 | EPSS 0.00117
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/04/07 6:10 p.m. | 2 views

GHSA-VFW7-6RHC-6XXG OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config

Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real shipped malicious-workspace-config env injection in the CLI backend runner, fixed by sanitizing backend...

CVSS 8.7 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 5
vulnersOsv
added 2026/04/07 6:10 p.m. | 5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-41375 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-41375 Source advisory: SNYK:JS-OPENCLAW-15929025...

CVSS 7.1 | AI score 5.8 | EPSS 0.00088
Exploits 0
OSV
added 2026/04/03 3:05 a.m. | 0 views

GHSA-F6PF-4GJX-C94R OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3
vulnersOsv
added 2026/03/31 11:56 p.m. | 6 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-41368 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-41368 Source advisory: SNYK:JS-OPENCLAW-15865290...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits 0
vulnersOsv
added 2026/03/31 11:50 p.m. | 4 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-41395 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-41395 Source advisory: SNYK:JS-OPENCLAW-15865845...

CVSS 8.2 | AI score 5.8 | EPSS 0.00018
Exploits 0
vulnersOsv
added 2026/03/30 6:30 p.m. | 3 views

@agentholdings/agent-passport (=0.1.0), @flomesh/ztm-chat (>=2026.3.25 <=2026.3.26) +10 more potentially affected by CVE-2026-35667 via openclaw (>=0.0.1 <=2026.3.24-beta.2)

openclaw NPM version =0.0.1, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35667 Source advisory: OSV:GHSA-3298-56P6-RPW2...

CVSS 6.9 | AI score 5.8 | EPSS 0.00017
Exploits 1
Github Security Blog
added 2026/03/29 3:50 p.m. | 6 views

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

CVSS 5.3 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 5 | Affected Software 1
vulnersOsv
added 2026/03/29 3:49 p.m. | 3 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-35645 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-35645 Source advisory: SNYK:JS-OPENCLAW-15812229...

CVSS 8.8 | AI score 5.8 | EPSS 0.0005
Exploits 0
vulnersOsv
added 2026/03/29 3:48 p.m. | 5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35640 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35640 Source advisory: OSV:GHSA-3H52-CX59-C456...

CVSS 7.5 | AI score 5.8 | EPSS 0.00127
Exploits 0
Github Security Blog
added 2026/03/29 3:48 p.m. | 4 views

OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName

Summary Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Google Chat group...

CVSS 5.4 | AI score 5.9 | EPSS 0.00065
Exploits 0 | References 5 | Affected Software 1
vulnersOsv
added 2026/03/29 3:47 p.m. | 3 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: unknown CVE Source advisory: OSV:GHSA-Q2QC-744P-66R2...

AI score 5.8
Exploits 0
OSV
added 2026/03/27 10:30 p.m. | 0 views

GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

CVSS 8.6 | AI score 5.9 | EPSS 0.0005
Exploits 0 | References 3
vulnersOsv
added 2026/03/27 10:30 p.m. | 3 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35669 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35669 Source advisory: OSV:GHSA-QM2M-28PF-HGJW...

CVSS 8.8 | AI score 5.8 | EPSS 0.0005
Exploits 0
vulnersOsv
added 2026/03/27 10:29 p.m. | 3 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-35625 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-35625 Source advisory: SNYK:JS-OPENCLAW-15797943...

CVSS 8.5 | AI score 5.8 | EPSS 0.00051
Exploits 0
vulnersOsv
added 2026/03/27 10:29 p.m. | 5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-35663 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-35663 Source advisory: SNYK:JS-OPENCLAW-15797938...

CVSS 8.8 | AI score 5.8 | EPSS 0.0005
Exploits 0
Github Security Blog
added 2026/03/27 10:29 p.m. | 4 views

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

CVSS 8.8 | AI score 5.9 | EPSS 0.0005
Exploits 0 | References 3 | Affected Software 1