Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/18 12:50 a.m.9 views

OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:46 a.m.6 views

OpenClaw has a command injection in maintainer clawtributors updater

Summary Command injection in the maintainer/dev script scripts/update-clawtributors.ts. Impact Affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicious commit author email e.g. crafted @users.noreply.github.com values. Norma...

8.8CVSS5.9AI score0.01709EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:46 a.m.8 views

OpenClaw has a path traversal in browser upload allows local file read

Summary Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs without restricting them to a safe root. Severity remains Hi...

7.1CVSS5.9AI score0.00408EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:43 a.m.11 views

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities

Summary Under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Details Affected component: src/imessage/monitor/monitor-provider.ts. Vulnerable logic derived effectiveGroupAllowFr...

6.5CVSS5.5AI score0.00283EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:33 a.m.22 views

OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning

Summary Discovery beacons Bonjour/mDNS and DNS-SD include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs: - iOS and macOS: used TXT-provided host...

7.1CVSS5.6AI score0.001EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 10:56 p.m.9 views

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch

Summary Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions As of 2026-02-14; based on latest...

5.6AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 9:43 p.m.19 views

OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:42 p.m.12 views

OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals

Summary A mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. Affected Configurations This only impacts deployments that: - Use the node host / companion node executi...

7.2CVSS5.8AI score0.0049EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:42 p.m.14 views

OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

Summary OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 which is 127.0.0.1. This could allow requests that should be blocked loopback / private network / link-local metadata to pass the SSRF guard. - Vulnerable component: SSRF...

7.5CVSS5.5AI score0.00391EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:42 p.m.10 views

OpenClaw Gateway tool allowed unrestricted gatewayUrl override

Summary The Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 planned What...

7.6CVSS5.7AI score0.00336EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:41 p.m.12 views

OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension

Summary The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or via prompt injection, they may be able to...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:41 p.m.8 views

OpenClaw macOS deep link confirmation truncation can conceal executed agent message

Summary OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked...

7.1CVSS6AI score0.00426EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:40 p.m.9 views

OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests

Summary In affected versions, OpenClaw's optional @openclaw/voice-call plugin Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey was not configured, allowing unauthenticated callers to forge Telnyx events. This only impacts deployments where the Voice Call...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:39 p.m.10 views

OpenClaw has a Path Traversal in Plugin Installation

Summary OpenClaw's plugin installation path derivation could be abused by a malicious plugin package.json name to escape the intended extensions directory and write files to a parent directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.1.20, = 2026.2.1 - Latest...

8.1CVSS5.4AI score0.00355EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:39 p.m.16 views

OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve

Summary What this means plain language If you give a client “chat/write” access to the gateway operator.write but you do not intend to let that client approve exec requests operator.approvals, affected versions could still let that client approve/deny a pending exec approval by sending the /appro...

8.1CVSS5.7AI score0.00281EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:38 p.m.10 views

OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains

Summary NOTE: This only affects deployments that enable the optional MS Teams extension Teams channel. If you do not use MS Teams, you are not impacted. When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an Authorization: Bearer header after receiving 40...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:37 p.m.11 views

OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline

Summary In the optional Twitch channel plugin extensions/twitch, allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If allowedRoles is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot coul...

9.4CVSS5.9AI score0.00444EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:36 p.m.11 views

OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...

9.8CVSS5.6AI score0.00652EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:36 p.m.14 views

Nextcloud Talk allowlist bypass via actor.name display name spoofing

Summary In affected versions of the optional Nextcloud Talk plugin installed separately; not bundled with the core OpenClaw install, an untrusted webhook field actor.name, display name could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an...

9.8CVSS5.6AI score0.00489EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:34 p.m.10 views

OpenClaw has a potential access-group authorization bypass if channel type lookup fails

Summary When Telegram webhook mode is enabled without a configured webhook secret, OpenClaw may accept unauthenticated HTTP POST requests at the Telegram webhook endpoint and trust attacker-controlled update JSON. This can allow forged Telegram updates that spoof message.from.id / chat.id,...

9.8CVSS5.6AI score0.00255EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:34 p.m.10 views

OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching

Summary OpenClaw Matrix DM allowlist matching could be bypassed in certain configurations. Matrix support ships as an optional plugin not bundled with the core install, so this only affects deployments that have installed and enabled the Matrix plugin. Affected Packages / Versions - Package:...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:33 p.m.7 views

OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust

Summary In affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback 127.0.0.1, ::1, ::ffff:127.0.0.1 even when the configured webhook secret was missing or incorrect. This does not affect t...

7.5CVSS5.6AI score0.00319EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.10 views

OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations

Affected Packages / Versions This issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled. - Package: @openclaw/voice-call - Vulnerable versions: = 2026.2.3 Legacy package name if you are still usi...

8.2CVSS5.5AI score0.00374EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.8 views

OpenClaw log poisoning (indirect prompt injection) via WebSocket headers

Summary In openclaw versions prior to 2026.2.13, OpenClaw logged certain WebSocket request headers including Origin and User-Agent without neutralization or length limits on the "closed before connect" path. If an unauthenticated client can reach the gateway and send crafted header values, those...

5.5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.5 views

OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering

Summary The OpenClaw Nostr channel plugin optional, disabled by default, installed separately exposes profile management HTTP endpoints under /api/channels/nostr/:accountId/profile GET/PUT and /api/channels/nostr/:accountId/profile/import POST. In affected versions, these routes were dispatched v...

8.3CVSS5.8AI score0.0034EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.6 views

Apache Tomcat - Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

6.5CVSS5.5AI score0.00494EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.15 views

Apache Tomcat has an Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.12 views

Apache Tomcat - Client certificate verification bypass

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1CVSS5.5AI score0.00235EPSS
Exploits0References12Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/17 9:30 p.m.8 views

OpenClaw affected by SSRF via attachment/media URL hydration

Summary Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary https URLs during attachment/media hydration. An attacker who can influence the media URL for example via model-controlled sendAttachment or auto-reply media URLs could trigger SSRF to internal...

8.6CVSS6.6AI score0.00397EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:30 p.m.52 views

fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)

Summary The XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Details There is a check in DocTypeReader.js that trie...

7.5CVSS5.9AI score0.00811EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:29 p.m.7 views

Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison: rust if matches!digest, expecteddigest treated expecteddigest as a pattern binding rather than a value comparison,...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:29 p.m.11 views

The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

Impact The contractimpl macro contains a bug in how it wires up function calls. In Rust, you can define functions on a type in two ways: - Directly on the type as an inherent function: rust impl MyContract fn value ... - Through a trait rust impl Trait for MyContract fn value ... These are two...

7.5CVSS5.6AI score0.00317EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:27 p.m.8 views

emp3r0r Affected by Concurrent Map Access DoS (panic/crash)

Summary Multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process crash availability loss. Vulnerable Componentwith code examples Operator relay map h...

7.5CVSS5.5AI score0.00291EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:55 p.m.6 views

Skill-scanner Unsecured Network Binding Vulnerability

Description: A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of service DoS condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...

9.1CVSS6.1AI score0.00328EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:54 p.m.11 views

Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...

9.2CVSS5.8AI score0.00316EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:54 p.m.6 views

Indico Affected by Cross-Site-Scripting via material uploads

Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.11 views

Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Summary On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...

5.3CVSS6AI score0.00329EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.7 views

Indico has Server-Side Request Forgery (SSRF) in multiple places

Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:46 p.m.9 views

Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Summary Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme e.g. javascript:alert1, the generated index includes an anchor whose href attribute is exactly...

5.4CVSS6.5AI score0.00224EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:46 p.m.7 views

OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass

Summary In Telegram webhook mode, if channels.telegram.webhookSecret is not set, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates for example...

7.5CVSS5.6AI score0.002EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:44 p.m.6 views

Unauthenticated File Upload in Gogs

Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauthenticated File Upload Date: Aug 5, 2025 Discoverer: OpenAI Security Research Summary Gogs exposes unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any...

9.8CVSS5.6AI score0.00618EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:43 p.m.10 views

Gogs has a Protected Branch Deletion Bypass in Web Interface

Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:42 p.m.9 views

Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs

Summary A broken access control vulnerability in Gogs allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI internal/route/repo/issue.go fails to verify that the label being modified belongs to the...

6.5CVSS5.8AI score0.00254EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:40 p.m.8 views

Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

5.1CVSS5.8AI score0.00271EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 6:40 p.m.8 views

OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...

3.7CVSS5.7AI score0.002EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 5:15 p.m.19 views

Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

Summary Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...

5.5AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 5:14 p.m.14 views

OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust)

Summary The BlueBubbles webhook handler previously treated any request whose socket remoteAddress was loopback 127.0.0.1, ::1, ::ffff:127.0.0.1 as authenticated. When OpenClaw Gateway is behind a reverse proxy Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok, the proxy typically connects t...

8.2CVSS6AI score0.00408EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 5:13 p.m.13 views

OpenClaw affected by SSRF in Image Tool Remote Fetch

Summary A server-side request forgery SSRF vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...

5.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 5:9 p.m.26 views

OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback

Summary The Chrome extension relay ensureChromeExtensionRelayServer previously treated wildcard hosts 0.0.0.0 / :: as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard cdpUrl was passed. Impact If configured with a wildcard cdpUrl, relay HTTP endpoints...

9.1CVSS5.5AI score0.00396EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:46 p.m.14 views

OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes

Summary Exec approvals allowlist bypass via command substitution/backticks inside double quotes. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.2 Impact Only affects setups that explicitly enable the optional exec approvals allowlist feature. Default installs are...

9.8CVSS5.5AI score0.00476EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33268