@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by CVE-2026-35630 via openclaw (>=2026.3.22 <=2026.4.9)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-35630 Source advisory: SNYK:JS-OPENCLAW-17099283...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser interaction routes. An attacker can access arbitrary files by bypassing navigation guards and leveraging browser act/evaluate interactions to pivot...

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

EUVD-2026-27259

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

CVE-2026-42437 OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

EUVD-2026-27251

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a denial-of-service attack in the real-time WebSocket path for voice calls. It was possible for a...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a bypass of the sender policy in the outbound host media attachment reading assistant, which could...

OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads

Summary Browser interaction routes could pivot into local CDP and regain file reads. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Browser act/evaluate interactions could trigger navigation into the local CDP origin and then create or rea...

OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...

GHSA-C9H3-5P7R-MRJH OpenClaw: Discord event cover images bypassed sandbox media normalization

Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

PT-2026-37017

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.7 through 2026.4.9 Description Failure to normalize Discord event cover image parameters in sandbox media processing allows attackers to bypass media normalization. This enables the injection of host-local media...