7 matches found
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication when starting sandbox browser bridge server. An attacker can gain unauthorized access to browser control...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the keychain credential refresh path. An attacker can execute arbitrary OS commands by supplying crafted OAuth tokens that are incorporated into shell command...
User Impersonation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation in the Telegram allowlist authorization. An attacker can gain unauthorized access by registering or taking over a previously authorized @username and interacting with t...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractArchive function in src/infra/archive.ts. An attacker can cause excessive resource consumption by submitting specially...
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the slash-command handler. An attacker can execute privileged commands by sending direct messages to the bot, bypassing intended allowlist or access-group...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the gatewayUrl tool in the Gateway WebSocket client. An attacker can cause the host to initiate outbound WebSocket connections to arbitrary...
GHSA-8JPQ-5H99-FF5R OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
Summary The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or via prompt injection, they may be able to...