NPM: OpenClaw: Agent gateway config mutations could change protected operator settings
NPM: OpenClaw: Agent gateway config mutations could change protected operator settings vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
OpenClaw: Agent gateway config mutations could change protected operator settings
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...
GHSA-7JM2-G593-4QRC OpenClaw: Agent gateway config mutations could change protected operator settings
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...
GHSA-V8QF-FR4G-28P2 OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...
OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, crossplane-provider-azure-managedidentity, trident, gatus-fips, crossplane-provider-aws-secretsmanager-fips, docker-machine-driver-harvester,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, crossplane-provider-azure-managedidentity, trident, gatus-fips, crossplane-provider-aws-secretsmanager-fips, docker-machine-driver-harvester,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kinesis, redpanda, nuclei, cluster-api-provider-vsphere, flux-image-automation-controller, crossplane-provider-aws-elasticache, aws-privateca-issuer, hubble, podman, teleport, terraform, ko, crossplane-provider-aws-firehose,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kinesis, redpanda, nuclei, cluster-api-provider-vsphere, flux-image-automation-controller, crossplane-provider-aws-elasticache, aws-privateca-issuer, hubble, podman, teleport, terraform, ko, crossplane-provider-aws-firehose,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: rancher-webhook, frp, nuclei, kyverno, rancher, flux, gitea, trufflehog, cert-manager-cmctl, opentofu, teleport, zot, terraform, seaweedfs, harbor, spqr, rancher-agent, kyverno-notation-aws, dex, cert-manager-istio-csr, external-secrets-operator, ratify, telegraf,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: rancher-webhook, frp, nuclei, kyverno, rancher, flux, gitea, trufflehog, cert-manager-cmctl, opentofu, teleport, zot, terraform, seaweedfs, harbor, spqr, rancher-agent, kyverno-notation-aws, dex, cert-manager-istio-csr, external-secrets-operator, ratify, telegraf,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: cert-manager-csi-driver, nuclei, cert-manager-cmctl, gitlab-runner, grafana, cert-manager-istio-csr-fips, elastic-agent, gitea, flux-fips, frp, rclone-fips, cloudbeat, seaweedfs-rocksdb, openbao-fips, cloudbeat-fips, external-secrets-fips, beats, rancher-webhook-fips...
k8sGPT has Prompt Injection through its k8sGPT-Operator
Summary In the auto-remediation pipeline, objecttoexecution.go was deserializing the AI-generated YAML directly into a Deployment object, but there was no validation of it against the original Deployment object. Details This issue was fixed after coordination with Alex Jones. PoC To minimize the...
GHSA-394X-274P-MQC6 Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...
EUVD-2026-25331
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...
Duplicate Advisory: OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mhr7-2xmv-4c4q. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy...
GHSA-2XP4-QHR4-XQM2 Duplicate Advisory: OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mhr7-2xmv-4c4q. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy...
CVE-2026-41347
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...
CVE-2026-41359
OpenClaw prior to version 2026.3.28 contains a privilege escalation vulnerability. Authenticated operators with write permissions can access admin-class Telegram configuration and cron persistence settings via the send endpoint due to insufficient access controls. The CVE entry notes a CVSS v3.1/...
CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...