
9 matches found

CNNVD
added 2026/04/21 12:0 a.m., 3 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the use of the heartbeat context inheritance and the senderIsOwner parameter, which could allow bypassi...

CVSS 9.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/20 11:8 p.m., 1 view

CVE-2026-41329

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privile...

CVSS 9.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 4

Cvelist
added 2026/04/20 11:8 p.m., 26 views

CVE-2026-41329 OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privile...

CVSS 9.9 | EPSS 0.0005
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/02 8:59 p.m., 7 views

OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation

Summary: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation
Current Maintainer Triage
- Status: open
- Normalized severity: Critical
Affected Packages / Versions
- Package: openclaw npm
- Latest published npm version: 2026.3.31
- Vulnerable version range: = 2026.3.31
- Fir...

CVSS 9.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/04/02 12:0 a.m., 1 view

PT-2026-33871

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31
Description: An issue allows attackers to escape sandbox restrictions and achieve unauthorized privilege escalation. This is possible through heartbeat context inheritance and the manipulation of the...

CVSS 9.9 | AI score 5.7 | EPSS 0.0005
Exploits: 0 | References: 20

NVD
added 2026/03/19 10:16 p.m., 0 views

CVE-2026-32035

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

CVSS 7.1 | EPSS 0.0004
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/19 10:7 p.m., 1 view

CVE-2026-32035

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

CVSS 5.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 3

CNNVD
added 2026/03/19 12:0 a.m., 2 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...

CVSS 7.1 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/03 9:32 p.m., 3 views

OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels

Summary: In [email protected], the Discord voice transcript path called agentCommand... without senderIsOwner, and agentCommand defaults missing senderIsOwner to true. This could allow a non-owner voice participant in the same channel to reach owner-only tool surfaces (gateway, cron) during voice...

CVSS 7.1 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 4 | Affected Software: 1