Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/07 6:11 p.m.8 views

OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations

Summary sessionstatus still bypasses configured tools.sessions.visibility for unsandboxed invocations Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped v2026.3.22: non-sandboxed sessionstatus skipped the shared visibility guard, but this is a...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 2:53 a.m.7 views

OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration

Summary Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still self-whitelists media parent dirs in...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/03 2:49 a.m.2 views

GHSA-68V4-HMWV-F43H OpenClaw: Media download follows cross-origin redirects with Authorization headers intact

Summary Media download follows cross-origin redirects with Authorization headers intact Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Shipped v2026.3.28 media downloads forwarded Authorization across cross-origin redirects, a real in-scope credential-leak...

6CVSS5.9AI score0.00296EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/02 8:58 p.m.19 views

OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get

Summary OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema f...

7.1CVSS5.9AI score0.00207EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder