CVE-2026-41388 OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling
OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from configuration management issues, where the migration process incorrectly treated empty arrays as missin...
Arbitrary File Upload
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Arbitrary File Upload through the Tlon media downloads process. An attacker can exhaust disk resources by bypassing core size, count, and cleanup limits. Remediation: Upgrade openclaw to...
GHSA-4G5X-2JFC-XM98 OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Summary: Tlon media downloads can bypass core safety limits and exhaust disk. Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 Tlon media downloads bypassed core size/count/cleanup limits, but this is availability-only resource exhaustion in a...
Interpretation Conflict
Overview: @openclaw/tlon is an OpenClaw Tlon/Urbit channel plugin. Affected versions of this package are vulnerable to Interpretation Conflict in the startup migration process. An attacker can restore previously revoked configuration settings by leveraging the improper handling of empty-array value...
GHSA-3PM9-5J7M-59VC OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Summary: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config. Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 startup migration still treats empty-array settings as missing and can rehydrate revoked Tlon config from file state afte...
GHSA-PW7H-9G6P-C378 OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Summary: Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Incorrect Authorization
Overview: @openclaw/tlon is an OpenClaw Tlon/Urbit channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the reconciliation process for Tlon settings when explicit empty allowlists are treated as unset. An attacker can bypass intended access revocation by...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the reconciliation process for Tlon settings when explicit empty allowlists are treated as unset. An attacker can bypass intended access revocation by exploitin...
GHSA-VFG3-PQPQ-93M4 OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete
Summary: Tlon cite expansion happened before channel and DM authorization completed, allowing cite work and content handling before the final auth decision. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Incorrect Authorization
Overview: @openclaw/tlon is an OpenClaw Tlon/Urbit channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization via the cite expansion process before authorization is complete. An attacker can access or manipulate content prior to proper authorization by triggering ci...
CVE-2026-28476 OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
CVE-2026-28476
OpenClaw contains a server-side request forgery (SSRF) in the optional Tlon Urbit extension. Vulnerable in OpenClaw versions prior to 2026.2.14, where user-provided base URLs for authentication are not properly validated, allowing an attacker who can influence the Urbit URL to trigger the gateway...