17 matches found
CVE-2026-27008
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
CVE-2026-27003
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces for example, when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...
CVE-2026-27008
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
CVE-2026-27003 OpenClaw: Telegram bot token exposure via logs
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces for example, when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...
CVE-2026-27003
OpenClaw (npm package) is affected by CVE-2026-27003. The vulnerability stems from logging Telegram bot tokens in error messages/stack traces due to insufficient redaction, which can lead to token disclosure. Affected versions are = 2026.2.15 and rotate any bot tokens that may have been exposed. ...
CVE-2026-27003
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces for example, when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...
CVE-2026-27003 OpenClaw: Telegram bot token exposure via logs
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces for example, when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...
CVE-2026-27002
OpenClaw CVE-2026-27002 describes a configuration injection issue in the Docker tool sandbox that could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected software: OpenClaw prior to version 202...
CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example...
CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example...
CVE-2026-27001
OpenClaw (npm package) before version 2026.2.15 embeds the current working directory (workspace path) into the agent system prompt without sanitization. If the directory name contains control/format characters (e.g., newlines, Unicode bidi/zero-width markers), an attacker could craft inputs to br...
CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example...
PT-2026-20968
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...
PT-2026-20906
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
PT-2026-20791
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The application logs Telegram bot tokens without redaction when they appear in error messages or stack traces, such as in request URLs including https://api.telegram.org/bot/.... This can lead t...
PT-2026-20792
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A stored Cross-Site Scripting XSS issue exists in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without proper escaping. A crafted value containing cou...
PT-2026-20963
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description OpenClaw embedded the current working directory workspace path into the agent system prompt without proper sanitization. An attacker could potentially exploit this by creating a directory with...