22 matches found
CVE-2026-59828
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...
CVE-2026-53962
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...
PT-2026-49772
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An inline-eval bypass allows authenticated operators to weaken strict allowlist checks using shell positional parameters. By combining allowlisted tools with shell positional arguments, attackers...
OpenClaw: Slack thread context could include messages from non-allowlisted senders
Summary Before OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread. Impact A Sla...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by CVE-2026-45002 via openclaw (>=2026.3.22 <=2026.4.2)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-45002 Source advisory: SNYK:JS-OPENCLAW-16298048...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by CVE-2026-41909 via openclaw (>=2026.3.22 <=2026.4.2)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-41909 Source advisory: SNYK:JS-OPENCLAW-16206119...
CVE-2026-41354
OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from insufficient scope in the Zalo webhook replay de-duplication key, allowing legitimate events from...
EUVD-2026-23995
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
GHSA-CCX3-FW7Q-RR2R OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks
Impact Multiple Code Paths Missing Base64 Pre-Allocation Size Checks. Several base64 decode paths could allocate before enforcing decoded-size limits. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service...
OpenClaw: Shared-secret comparison call sites leaked length information through timing
Summary Before OpenClaw 2026.4.2, several shared-secret comparison call sites still used early length-mismatch checks instead of the shared fixed-length comparison helper. Those paths could leak secret-length information through measurable timing differences. Impact The affected paths exposed a...
GHSA-JJ6Q-RRRF-H66H OpenClaw: Shared-secret comparison call sites leaked length information through timing
Summary Before OpenClaw 2026.4.2, several shared-secret comparison call sites still used early length-mismatch checks instead of the shared fixed-length comparison helper. Those paths could leak secret-length information through measurable timing differences. Impact The affected paths exposed a...
Improper Input Validation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Input Validation via the CDP discovery process. An attacker can redirect authenticated browser control to a localhost-resolving endpoint by crafting a discovery response with a...
Improper Handling of Case Sensitivity
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to inconsistent normalization of environment override keys between approval binding and execution time. An attacker can inject unauthorized...
GHSA-98CH-45WP-CH47 OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Summary Before OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time. Impact An approved command could run with...
OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Summary Before OpenClaw 2026.4.2, the Gateway connect success snapshot exposed local configPath and stateDir metadata to non-admin clients. Low-privilege authenticated clients could learn host filesystem layout and deployment details that were not needed for their role. Impact A non-admin client...
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
Summary Before OpenClaw 2026.4.2, built-in channel setup and login could resolve an untrusted workspace channel shadow before the plugin was explicitly trusted. A malicious workspace plugin that claimed a bundled channel id could execute during channel setup even while still disabled. Impact A...
GHSA-4P4F-FC8Q-84M3 OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch
Summary Before OpenClaw 2026.4.2, the iOS A2UI bridge treated generic local-network pages as trusted bridge origins. A page loaded from a local-network or tailnet host could trigger agent.request dispatch without the stricter trusted-canvas origin check. Impact A loaded attacker-controlled page...
OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped
Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute remoteWorkspaceDir and remoteAgentWorkspaceDir values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations. Impact If an attacker could influence those...
OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value. Because the provider reflected state back in the redirect URL, the verifier could be exposed alongside the authorization code. Impact Anyone who could capture the redirect URL could learn bo...