OpenClaw has an unspecified vulnerability (CNVD-2026-16383)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to reuse previously approved requests and bypass enforcement of integrity controls...

GHSA-CJQ8-M7WJ-XMQ9 Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with...

CVE-2026-32058

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

EUVD-2026-13962

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

CVE-2026-32058

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to reuse previously approved requests and bypass enforcement of integrity controls...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the approval-enabled host=node workflows. An attacker can bypass intended approval integrity by reusing a previously approved request with altered environment...