Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/04 8:57 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the write process. An attacker can cause unauthorized file writes outside the intended sandbox mount root by...

9.6CVSS5.8AI score0.02442EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:58 p.m.3 views

GHSA-53VX-PMQW-863C OpenClaw: Browser SSRF policy default allowed private-network navigation

Summary Browser SSRF policy default allowed private-network navigation. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Browser SSRF protection could allow private-network navigation by default in paths where restrictive behavior was...

7.7CVSS5.7AI score0.0028EPSS
Exploits0References10
Snyk
Snyk
added 2026/03/16 8:40 p.m.3 views

Insertion of Sensitive Information into Log File

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the fetchRemoteMedia function. An attacker can obtain sensitive bot tokens by triggering Telegram media fetch errors that cause the...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:55 p.m.4 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the WebSocket connection. An attacker can gain unauthorized access to elevated gateway operations by presenting client-declared scopes that are not properly boun...

9.9CVSS5.8AI score0.00505EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/06 1:0 a.m.2 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the webhook process of the BlueBubbles plugin due to trusting the loopback remoteAddress without validating forwarding headers. An attacker...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References2
Rows per page
Query Builder