
21 matches found

Snyk, added 6 days ago, 6 views

Missing Authorization

Overview: @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin...

CVSS 8.6, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 2
OSSF Malicious Packages, added 2026/05/19 5:00 a.m., 10 views

Malicious code in @openclaw-cn/libsignal (npm)

Source: amazon-inspector (85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24). The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 4
OSV, added 2026/05/19 5:00 a.m., 6 views

MAL-2026-3843 Malicious code in @openclaw-cn/libsignal (npm)

Source: amazon-inspector (85fb1bd455a85140d13ec5cb826c0f8c6164c87a6eeacd72f7fc525440b76f24). The package @openclaw-cn/libsignal was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 4
vulnersOsv, added 2026/04/21 12:11 a.m., 3 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-40045 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more
Source cves: CVE-2026-40045
Source advisory: SNYK:JS-OPENCLAW-16115370...

CVSS 5.9, AI score 5.8, EPSS 0.00006
Exploits: 0
vulnersOsv, added 2026/04/17 9:54 p.m., 4 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-43584 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7
Source cves: CVE-2026-43584
Source advisory: OSV:GHSA-VFP4-8X56-J7C5...

CVSS 8.8, AI score 5.8, EPSS 0.0012
Exploits: 0
Snyk, added 2026/04/16 9:19 p.m., 4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition via the validateScriptFileForShellBleed function. An attacker can cause the preflight analysis to inspect a different file than the one tha...

CVSS 2.9, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 2
vulnersOsv, added 2026/04/09 2:22 p.m., 2 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-42427 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more
Source cves: CVE-2026-42427
Source advisory: SNYK:JS-OPENCLAW-15967230...

CVSS 5.8, AI score 5.8, EPSS 0.00036
Exploits: 0
Snyk, added 2026/04/07 6:14 p.m., 1 view

Incomplete List of Disallowed Inputs

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to an Incomplete List of Disallowed Inputs via the exec allowlist component. An attacker can execute unauthorized scripts by leveraging shell init-file options such as --rcfile, --init-file, or...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 2
Snyk, added 2026/03/31 11:53 p.m., 4 views

Incorrect Authorization

Overview: @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin, community maintained by @m1heng. Affected versions of this package are vulnerable to Incorrect Authorization via the uploadimage process in the Feishu extension. An attacker can access arbitrary files outside the intended...

CVSS 6.5, AI score 6, EPSS 0.00058
Exploits: 0, References: 3
vulnersOsv, added 2026/03/30 7:06 p.m., 6 views

@agentholdings/agent-passport (=0.1.0), @flomesh/ztm-chat (>=2026.3.25 <=2026.3.26) +8 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.23)

openclaw NPM version =2026.3.22, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =0.0.7, =0.14.6, =0.15.0
Source cves: unknown CVE
Source advisory: SNYK:JS-OPENCLAW-15857122...

AI score 5.8
Exploits: 0
vulnersOsv, added 2026/03/30 6:30 p.m., 2 views

@agentholdings/agent-passport (=0.1.0), @flomesh/ztm-chat (>=2026.3.25 <=2026.3.26) +10 more potentially affected by CVE-2026-35667 via openclaw (>=0.0.1 <=2026.3.24-beta.2)

openclaw NPM version =0.0.1, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7
Source cves: CVE-2026-35667
Source advisory: OSV:GHSA-3298-56P6-RPW2...

CVSS 6.9, AI score 5.8, EPSS 0.00017
Exploits: 1
Snyk, added 2026/03/29 3:49 p.m., 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the deleteSession process. An attacker can gain unauthorized access to privileged operations by exploiting the fallback mechanism that assigns a synthetic...

CVSS 8.8, AI score 5.9, EPSS 0.0005
Exploits: 0, References: 3
Snyk, added 2026/03/26 9:45 p.m., 1 view

Improper Authorization

Overview: @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw. Affected versions of this package are vulnerable to Improper Authorization in the webhook process. An attacker can gain unauthorized access to direct message policies by exploiting a path collision in the multi-accoun...

CVSS 7.2, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 2
OSV, added 2026/03/26 6:56 p.m., 0 views

GHSA-CG6C-Q2HX-69H7 OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary: Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

CVSS 8.2, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 6
OSV, added 2026/03/21 1:17 a.m., 1 view

CVE-2026-32897

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...

CVSS 3.7, AI score 5.9
Exploits: 0, References: 3
OSV, added 2026/03/19 10:16 p.m., 4 views

CVE-2026-32018

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

CVSS 3.6, AI score 5.9
Exploits: 0, References: 3
OSV, added 2026/03/19 10:16 p.m., 2 views

CVE-2026-32001

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 3
Snyk, added 2026/03/13 8:54 p.m., 1 view

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the browser.request. An attacker can modify or create browser profiles and persist unauthorized configuration changes by sending crafted requests to profile...

CVSS 7.1, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 2
Snyk, added 2026/03/12 2:21 p.m., 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the group allowlist authorization. An attacker can gain unauthorized group sender access by leveraging DM pairing-store entries to satisfy group allowlist check...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
Snyk, added 2026/03/03 9:20 p.m., 2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition via the ZIP extraction process. An attacker can cause files to be written outside the intended extraction directory by exploiting a race...

CVSS 8.7, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 3