Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the node.event process. An attacker can gain unauthorized access to gateway-side tools and execute arbitrary code by dispatching unrestricted agent requests fro...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41378 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41378 Source advisory: SNYK:JS-OPENCLAW-15894771...

GHSA-GJM7-HW8F-73RQ OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch

Summary Paired node escalates to gateway RCE via unrestricted node.event agent dispatch Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than nod...

OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch

Summary Paired node escalates to gateway RCE via unrestricted node.event agent dispatch Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than nod...

GHSA-6P8R-6M93-557F OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting

Summary Fake DeviceToken Bypasses Shared Auth Rate Limiting Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable...

GHSA-58Q2-7R52-JQ62 OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

Summary Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the node pairing process. An attacker can execute arbitrary commands on the host system by exploiting insufficient enforcement of node scope restrictions. This ...

GHSA-XJ9W-5R6Q-X6V4 OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Summary Device-Paired Node Skips Node Scope Gate → Host RCE.md Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real in shipped v2026.3.28 because a merely device-paired node could expose node commands without node pairing, but high is sufficient given the...

OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Summary Device-Paired Node Skips Node Scope Gate → Host RCE.md Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real in shipped v2026.3.28 because a merely device-paired node could expose node commands without node pairing, but high is sufficient given the...

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

Improper Isolation or Compartmentalization

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in shared renderer...

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

Improper Isolation or Compartmentalization

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...

PT-2026-30040

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc drm config parse The logicvc drm config parse function calls of get child by name to find the "layers" node but fails to release the reference, leading to a device node...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the device node reference is not released properly within the logicvcdrmconfigparse...

PT-2026-30013

Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

PT-2026-30005

Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

GHSA-MHGQ-XPFQ-6R66 OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...