CVE-2026-43566

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...

CVE-2026-43527

OpenClaw is affected by CVE-2026-43527: before 2026.4.14, a server-side request forgery in the browser SSRF policy allows private-network navigation by default, enabling browser-driven requests to internal services or metadata endpoints. Impact is confined to what the vendor notes; exploitability...

OpenClaw: Browser tabs action select and close routes bypassed SSRF policy

Summary Browser tabs action select and close routes bypassed SSRF policy. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The browser /tabs/action select and close branches could operate on targets without enforcing configured browser SSRF...

GHSA-C9H3-5P7R-MRJH OpenClaw: Discord event cover images bypassed sandbox media normalization

Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...

GHSA-GC9R-867R-J85F OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks

Summary Microsoft Teams SSO invoke handler missed sender authorization checks. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 = 2026.4.14 Impact Microsoft Teams SSO signin invoke handling could process an invoke from a sender before applying the...

GHSA-G2HM-779G-VM32 OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events

Summary Heartbeat owner downgrade missed untrusted webhook wake events. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.14 Impact Heartbeat owner downgrade logic could skip webhook wake events carrying untrusted content, preserving...

OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation

Summary Browser snapshot and screenshot routes could expose internal page content after navigation. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Authenticated browser tool callers could use snapshot, screenshot, or tab routes that did n...

OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

PT-2026-37008

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description Improper access control in browser snapshot, screenshot, and tab routes allows authenticated callers to bypass Server-Side Request Forgery SSRF restrictions. This occurs because the system fails...

PT-2026-37021

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.7 through 2026.4.13 Description A privilege escalation issue exists where the heartbeat owner downgrade logic fails to account for webhook wake events containing untrusted content. This allows attackers to send untrust...