15 matches found
Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6c9j-x93c-rw6j. This link is maintained to preserve external references. Original Description A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of th...
CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...
PT-2026-24945
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Race Condition in the updateRegistry and removeRegistryEntry processes. An attacker can cause loss of updates or restoration of deleted entries by performing concurrent operations that...
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
Summary tools.exec.safeBins allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name. Affected Packages / Versions - Package: openclaw npm - Latest published version at triage time: 2026.2.17 -...
GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
GHSA-VJ3G-5PX3-GR46 OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...
CVE-2026-27576
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...
CVE-2026-27576
OpenClaw: ACP prompt-size check vulnerability affecting local stdio bridge. Affected in 2026.2.17 and earlier; oversized prompt blocks can be assembled and forwarded to chat.send, impacting local ACP clients (e.g., IDE integrations). Mitigation: upgrade to 2026.2.19 (patched release).
CVE-2026-27576
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...
CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...
CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...
CVE-2026-27488
OpenClaw contains a SSRF-related issue in Cron webhook delivery. In versions up to 2026.2.17, the fetch() call in src/gateway/server-cron.ts allowed webhook targets to reach private/metadata/internal endpoints without SSRF policy checks. The issue was fixed in version 2026.2.19; upgrading to 2026...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the cron webhook delivery process. An attacker can access internal or private network resources by specifying malicious webhook...
PT-2026-21345
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.17 and below Description OpenClaw is a personal AI assistant. The ACP bridge component accepts excessively large prompt text blocks and constructs oversized prompt payloads before sending them to the chat.send function...