Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe claw-subagent-service installs itself as a privileged auto-starting system service Windows service via post-install.js svc.install, with documented...

GHSA-P4X4-2R7F-WJXG OpenClaw gateway exec allow-always over-trusts positional carrier executables

Summary Allow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers. Impact A one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval...

GHSA-6XG4-82HV-CP6F OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Summary The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch. Impact A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool...

OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades

Summary The gateway accepted unbounded concurrent unauthenticated WebSocket upgrades before allocating them to an authenticated session budget. Impact An unauthenticated network attacker could consume socket and worker capacity and disrupt WebSocket availability for legitimate clients. Affected...

CVE-2026-32036

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...

CVE-2026-32036

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

CVE-2026-28472

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

CVE-2026-28466

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject...

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the gateway plugin authentication. An attacker can gain unauthorized access to protected API channel routes by sending requests with encoded dot-segment traversal ...

GHSA-943Q-MWMV-HHVH OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval

Summary OpenClaw Gateway exposes an authenticated HTTP endpoint POST /tools/invoke intended for invoking a constrained set of tools. Two issues could combine to significantly increase blast radius in misconfigured or exposed deployments: - The HTTP gateway layer did not deny high-risk session...

GHSA-JQ4X-98M3-GGQ6 OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

ZDI-CAN-29312: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS...