FKIE_CVE-2026-27009

Vulnerability from fkie_nvd - Published: 2026-02-20 00:16 - Updated: 2026-02-20 17:41
Summary
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a stored XSS issue existed in the OpenClaw Control UI: assistant identity (name/avatar) was rendered into an inline `<script>` tag without script-context-safe escaping. A crafted value containing `</script>` could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Version 2026.2.15 removed the inline script injection, serves the bootstrap config from a JSON endpoint instead, and added a restrictive Content Security Policy for the Control UI (`script-src 'self'`, no inline scripts).
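The following is an added illustration of the bug class in the summary, not OpenClaw's own code: a render function that drops `JSON.stringify` output into an inline `<script>` body next to a script-context-safe serializer that `\u`-escapes the characters able to close the script element, plus a check a test suite can run over rendered HTML. Function names and the sample identity value are hypothetical; the actual fix went further by removing inline scripts and adding CSP.

```javascript
// Added example, not OpenClaw's code. Names and sample data are constructed.

// Vulnerable pattern: JSON.stringify does not escape "<" or ">", so a value
// containing "</script>" survives intact and terminates the script element.
function renderBootstrapUnsafe(identity) {
  return `<script>window.__BOOT__ = ${JSON.stringify(identity)};</script>`;
}

// Script-context-safe serializer: replace every character that can end the
// script element or break JS parsing with a JSON-compatible \uXXXX escape
// (the same form the NVD record itself uses, e.g. \u003c for "<").
// The output is still valid JSON, so JSON.parse round-trips it unchanged.
function toScriptSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderBootstrapSafe(identity) {
  return `<script>window.__BOOT__ = ${toScriptSafeJson(identity)};</script>`;
}

// Test/CI check: a correctly rendered fragment contains exactly one
// "</script" sequence (the real closing tag). Every extra one is a breakout.
function scriptBreakoutCount(html) {
  return (html.match(/<\/script/gi) || []).length - 1;
}

// Constructed sample of the shape the advisory describes: an assistant name
// that carries a closing tag followed by injected markup.
const hostileIdentity = { name: 'Bot</script><b>injected</b>', avatar: 'a.png' };
```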
Impacted products
Vendor Product Version
openclaw openclaw *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "3CD9AC99-DDDF-4177-9253-04A63CA027DC",
              "versionEndExcluding": "2026.2.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `\u003cscript\u003e` tag without script-context-safe escaping. A crafted value containing `\u003c/script\u003e` could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Version 2026.2.15 removed inline script injection and serve bootstrap config from a JSON endpoint and added a restrictive Content Security Policy for the Control UI (`script-src \u0027self\u0027`, no inline scripts)."
    },
    {
      "lang": "es",
      "value": "OpenClaw es un asistente personal de IA. Antes de la versi\u00f3n 2026.2.15, exist\u00eda un problema de XSS almacenado en la interfaz de usuario de control de OpenClaw al renderizar la identidad del asistente (nombre/avatar) en una etiqueta `` podr\u00eda escapar de la etiqueta de script y ejecutar JavaScript controlado por el atacante en el origen de la interfaz de usuario de control. La versi\u00f3n 2026.2.15 elimin\u00f3 la inyecci\u00f3n de scripts en l\u00ednea y sirve la configuraci\u00f3n de arranque desde un endpoint JSON, y a\u00f1adi\u00f3 una Pol\u00edtica de Seguridad de Contenido restrictiva para la interfaz de usuario de control (`script-src \u0027self\u0027`, sin scripts en l\u00ednea)."
    }
  ],
  "id": "CVE-2026-27009",
  "lastModified": "2026-02-20T17:41:44.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-20T00:16:17.620",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/3b4096e02e7e335f99f5986ec1bd566e90b14a7e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/adc818db4a4b3b8d663e7674ef20436947514e1b"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.15"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory",
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-37gc-85xm-2ww6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}