PT-2026-33862

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

Summary The QMD backend memoryget read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set. Impact When the QMD backend was enabled, a caller with access to memoryget could read arbitrary .md files...

GHSA-F934-5RQF-XX47 OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

Summary The QMD backend memoryget read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set. Impact When the QMD backend was enabled, a caller with access to memoryget could read arbitrary .md files...

OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Summary Channel setup catalog lookups could include untrusted workspace plugin shadows. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Channel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-ti...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the channel setup. An attacker can gain unauthorized access to privileged plugin functionality by introducing untrusted workspace plugin shadows that are resolved...

GHSA-82QX-6VJ7-P8M2 OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Summary Channel setup catalog lookups could include untrusted workspace plugin shadows. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Channel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-ti...

OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary screenrecord outPath bypassed workspace-only filesystem guard. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper validation of the outPath parameter in the screen recording. An attacker can write files outside the intended workspace boundary by specifying a path...

GHSA-JF25-7968-H2H5 OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary screenrecord outPath bypassed workspace-only filesystem guard. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...

OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

Summary Workspace .env could inject OpenClaw runtime-control variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs,...

GHSA-7WV4-CC7P-JHXC OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

Summary Workspace .env could inject OpenClaw runtime-control variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs,...

Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

Summary A Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the service uses repository.save with a client-supplied primary key, the POST create endpoint behave...

Authorization Bypass Through User-Controlled Key

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the createDocumentStore, updateDocumentStore, and upsertDocStore paths in documentstore/index.ts and documentstore/index.ts. An attacker can create o...

GHSA-3PRP-9GF7-4RXX Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

Summary A Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the service uses repository.save with a client-supplied primary key, the POST create endpoint behave...

EUVD-2026-22873

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

PT-2026-37026

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A plugin trust bypass exists where channel setup catalog lookups may resolve workspace plugin shadows before bundled channel plugins. This allows attackers to craft malicious workspace plugins...

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

PT-2026-37022

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A path traversal issue exists in the screen record tool where the outPath parameter bypasses workspace-only filesystem guards. This allows an authorized tool call to write files to unintended...

[SECURITY] Fedora 44 Update: plasma-workspace-wallpapers-6.6.4-1.fc44

Additional wallpapers for Plasma workspace...