EUVD-2026-27259

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

CVE-2026-42438

OpenClaw version 2026.4.9 and older is affected by a sender policy bypass in the outbound host-media attachment read helper, enabling unauthorized local file disclosure when an attacker has denied read access via toolsBySender or group policy. The bypass can circumvent sender and group-scoped aut...

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

CVE-2026-32039

CVE-2026-32039 affects OpenClaw prior to version 2026.2.22. A vulnerability in the toolsBySender group policy matching allows attackers to bypass sender authorization by causing identity collisions on untyped sender keys with mutable values (e.g., senderName or senderUsername), granting unauthori...

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVE-2026-32039 OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the toolsBySender process when untyped sender keys are used. An attacker can gain unauthorized access to privileged group tool permissions by causing an...

GHSA-WPPH-CJGR-7C39 OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass

Summary channels..groups..toolsBySender could match a privileged sender policy using a colliding mutable identity value for example senderName or senderUsername when deployments used untyped keys. The fix introduces explicit typed sender keys id:, e164:, username:, name:, keeps legacy untyped key...

OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass

Summary channels..groups..toolsBySender could match a privileged sender policy using a colliding mutable identity value for example senderName or senderUsername when deployments used untyped keys. The fix introduces explicit typed sender keys id:, e164:, username:, name:, keeps legacy untyped key...

PT-2026-26420

Summary channels..groups..toolsBySender could match a privileged sender policy using a colliding mutable identity value for example senderName or senderUsername when deployments used untyped keys. The fix introduces explicit typed sender keys id:, e164:, username:, name:, keeps legacy untyped key...