Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2026-1161
Vulnerability from csaf_certbund - Published: 2026-04-16 22:00 - Updated: 2026-05-06 22:00Summary
OpenClaw: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.
Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenClaw ist ein pers\u00f6nlicher KI-Assistent zur Ausf\u00fchrung auf eigenen Ger\u00e4ten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1161 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1161.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1161 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1161"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2767-2q9v-9326 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2cq5-mf3v-mx44 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2gvc-4f3c-2855 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-525j-hqq2-66r4 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-527m-976r-jf79 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-536q-mj95-h29h vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-53vx-pmqw-863c vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5gjc-grvm-m88j vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5gjc-grvm-m88j"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-66r7-m7xm-v49h vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-736r-jwj6-4w23 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-736r-jwj6-4w23"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7g8c-cfr3-vqqr vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7jp6-r74r-995q vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7wv4-cc7p-jhxc vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-82qx-6vj7-p8m2 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8372-7vhw-cm6q vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-92jp-89mq-4374 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-939r-rj45-g2rj vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c4qm-58hj-j6pj vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c9h3-5p7r-mrjh vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cr8r-7g2h-6wr6 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f3h5-h452-vp3j vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f7fh-qg34-x2xh vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f934-5rqf-xx47 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-g2hm-779g-vm32 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2hm-779g-vm32"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-g375-h3v6-4873 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g375-h3v6-4873"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gc9r-867r-j85f vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gc9r-867r-j85f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-j6c7-3h5x-99g9 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jf25-7968-h2h5 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jhpv-5j76-m56h vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jhpv-5j76-m56h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jwrq-8g5x-5fhm vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mr34-9552-qr95 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qmwg-qprg-3j38 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-r77c-2cmr-7p47 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rj2p-j66c-mgqh vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vfp4-8x56-j7c5 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vw3h-q6xq-jjm5 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vw3h-q6xq-jjm5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xh72-v6v9-mwhc vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xmxx-7p24-h892 vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xq94-r468-qwgj vom 2026-04-16",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj"
}
],
"source_lang": "en-US",
"title": "OpenClaw: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-06T22:00:00.000+00:00",
"generator": {
"date": "2026-05-07T06:46:18.114+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1161",
"initial_release_date": "2026-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "4",
"summary": "CVE\u0027s erg\u00e4nzt"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2026.4.15",
"product": {
"name": "Open Source OpenClaw \u003c2026.4.15",
"product_id": "T052940"
}
},
{
"category": "product_version",
"name": "2026.4.15",
"product": {
"name": "Open Source OpenClaw 2026.4.15",
"product_id": "T052940-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openclaw:openclaw:2026.4.15"
}
}
}
],
"category": "product_name",
"name": "OpenClaw"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41389",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-41389"
},
{
"cve": "CVE-2026-42433",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42433"
},
{
"cve": "CVE-2026-42434",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42434"
},
{
"cve": "CVE-2026-42435",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42435"
},
{
"cve": "CVE-2026-42436",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42436"
},
{
"cve": "CVE-2026-42437",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42437"
},
{
"cve": "CVE-2026-42438",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42438"
},
{
"cve": "CVE-2026-42439",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-42439"
},
{
"cve": "CVE-2026-43526",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43526"
},
{
"cve": "CVE-2026-43527",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43527"
},
{
"cve": "CVE-2026-43528",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43528"
},
{
"cve": "CVE-2026-43529",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43529"
},
{
"cve": "CVE-2026-43530",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43530"
},
{
"cve": "CVE-2026-43531",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43531"
},
{
"cve": "CVE-2026-43532",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43532"
},
{
"cve": "CVE-2026-43533",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43533"
},
{
"cve": "CVE-2026-43534",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43534"
},
{
"cve": "CVE-2026-43535",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43535"
},
{
"cve": "CVE-2026-43566",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43566"
},
{
"cve": "CVE-2026-43567",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43567"
},
{
"cve": "CVE-2026-43568",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43568"
},
{
"cve": "CVE-2026-43569",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43569"
},
{
"cve": "CVE-2026-43570",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43570"
},
{
"cve": "CVE-2026-43571",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43571"
},
{
"cve": "CVE-2026-43572",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43572"
},
{
"cve": "CVE-2026-43573",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43573"
},
{
"cve": "CVE-2026-43575",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43575"
},
{
"cve": "CVE-2026-43576",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43576"
},
{
"cve": "CVE-2026-43577",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43577"
},
{
"cve": "CVE-2026-43578",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43578"
},
{
"cve": "CVE-2026-43579",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43579"
},
{
"cve": "CVE-2026-43580",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43580"
},
{
"cve": "CVE-2026-43582",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43582"
},
{
"cve": "CVE-2026-43583",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43583"
},
{
"cve": "CVE-2026-43584",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43584"
},
{
"cve": "CVE-2026-43585",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-43585"
},
{
"cve": "CVE-2026-44109",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-44109"
},
{
"cve": "CVE-2026-44110",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-44110"
},
{
"cve": "CVE-2026-44111",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-44111"
},
{
"cve": "CVE-2026-44112",
"product_status": {
"known_affected": [
"T052940"
]
},
"release_date": "2026-04-16T22:00:00.000+00:00",
"title": "CVE-2026-44112"
}
]
}
CVE-2026-43584 (GCVE-0-2026-43584)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 14:59 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy
Summary
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can exploit this by manipulating these environment variables to influence downstream execution behavior or network connectivity.
Severity ?
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
feiyang666
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:02:18.756165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:59:24.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "feiyang666"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can exploit this by manipulating these environment variables to influence downstream execution behavior or network connectivity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:26.146Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vfp4-8x56-j7c5)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/2d126fc62343a7b6895351f96e4e1474bc358140"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-denylist-in-exec-policy"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43584",
"datePublished": "2026-05-06T19:49:26.146Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T14:59:24.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43533 (GCVE-0-2026-43533)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-06 12:42 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags
Summary
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.
Severity ?
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
feiyang666
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T12:41:49.362441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T12:42:03.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "feiyang666"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:05.764Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-66r7-m7xm-v49h)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c702c6"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqbot-media-tags"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43533",
"datePublished": "2026-05-05T11:25:05.764Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-06T12:42:03.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43575 (GCVE-0-2026-43575)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 13:52 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route
Summary
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
smaeljaish771
KeenSecurityLab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:50:49.476483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:52:13.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.2.21",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.2.21",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "smaeljaish771"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:19.801Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-92jp-89mq-4374)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/8dfbf3268bd224b7377d1ecca77a445100746085"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.2.21 \u003c 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-sandbox-novnc-helper-route"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.2.21 \u003c 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43575",
"datePublished": "2026-05-06T19:49:19.801Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-07T13:52:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43582 (GCVE-0-2026-43582)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 12:32 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass
Summary
OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to pivot to internal resources via unallowlisted hostname URLs.
Severity ?
6.3 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
dhyabi2
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T12:31:43.704460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T12:32:09.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhyabi2"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to pivot to internal resources via unallowlisted hostname URLs."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:24.759Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xq94-r468-qwgj)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43582",
"datePublished": "2026-05-06T19:49:24.759Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T12:32:09.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44111 (GCVE-0-2026-44111)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 13:36 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get
Summary
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets.
Severity ?
CWE
- CWE-183 - Permissive List of Allowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:36:32.824010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:36:58.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-183",
"description": "CWE-183: Permissive List of Allowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:29.004Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-f934-5rqf-xx47)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-markdown-file-read-via-qmd-memory-get"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-44111",
"datePublished": "2026-05-06T19:49:29.004Z",
"dateReserved": "2026-05-05T11:30:46.259Z",
"dateUpdated": "2026-05-07T13:36:58.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43531 (GCVE-0-2026-43531)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File
Summary
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise application behavior.
Severity ?
CWE
- CWE-15 - External Control of System or Configuration Setting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:49:24.909172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:31.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.9",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise application behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:02.238Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-7wv4-cc7p-jhxc)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.9 - Environment Variable Injection via Workspace .env File",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.9 - Environment Variable Injection via Workspace .env File",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43531",
"datePublished": "2026-05-05T11:25:02.238Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-05T14:12:31.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44110 (GCVE-0-2026-44110)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 13:58 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store
Summary
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Nathan (@nexrin)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:58:00.390073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:58:12.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nathan (@nexrin)"
},
{
"lang": "en",
"type": "finder",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "finder",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:28.347Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-2gvc-4f3c-2855)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-44110",
"datePublished": "2026-05-06T19:49:28.347Z",
"dateReserved": "2026-05-05T11:30:46.259Z",
"dateUpdated": "2026-05-07T13:58:12.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43570 (GCVE-0-2026-43570)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-06 14:13 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling
Summary
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory.
Severity ?
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:13:19.953809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:13:29.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.5",
"status": "affected",
"version": "2026.3.22",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.5",
"versionStartIncluding": "2026.3.22",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:11.010Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-cr8r-7g2h-6wr6)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cr8r-7g2h-6wr6"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/94b0062e90467e1582b47cc971f308457c537f3a"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/b1dd3ded3589f6fa60ab85b3930a82d538edaeae"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.3.22 \u003c 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-remote-marketplace-repository-path-handling"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.3.22 \u003c 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43570",
"datePublished": "2026-05-05T11:25:11.010Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-06T14:13:29.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42439 (GCVE-0-2026-42439)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes
Summary
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Nicky (@nicky-cc)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:03:51.281785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:42.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicky (@nicky-cc)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:57.395Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-rj2p-j66c-mgqh)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42439",
"datePublished": "2026-05-05T11:24:57.395Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-05T14:12:42.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43529 (GCVE-0-2026-43529)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 12:18 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator
Summary
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-15 00:00
Credits
kikayli
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:18:03.440322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:18:10.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kikayli"
}
],
"datePublic": "2026-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:00.303Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-gj9q-8w99-mp8j)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gj9q-8w99-mp8j"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/b024fae9e5df43e9b69b2daebb72be3469d52e91"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43529",
"datePublished": "2026-05-05T11:25:00.303Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-05T12:18:10.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43566 (GCVE-0-2026-43566)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:34 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events
Summary
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded.
Severity ?
9.1 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:28:26.048142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:34:42.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "2026.4.7",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"versionStartIncluding": "2026.4.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:08.323Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-g2hm-779g-vm32)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2hm-779g-vm32"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/31281bc92f55796817a92bc43f722cba1e77ab42"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.7 \u003c 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-untrusted-webhook-wake-events"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.7 \u003c 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43566",
"datePublished": "2026-05-05T11:25:08.323Z",
"dateReserved": "2026-05-01T16:58:23.116Z",
"dateUpdated": "2026-05-05T14:34:42.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43583 (GCVE-0-2026-43583)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 17:30 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery
Summary
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T17:29:14.318920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T17:30:28.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "2026.4.10",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"versionStartIncluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:25.474Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-r77c-2cmr-7p47)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/48aae82bbc19ba8b0741e61a08063eb0d1df464e"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.10 \u003c 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-loss-of-group-tool-policy-context-in-delivery-queue-recovery"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.10 \u003c 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43583",
"datePublished": "2026-05-06T19:49:25.474Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T17:30:28.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42437 (GCVE-0-2026-42437)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 12:20 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path
Summary
OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing the webhook path.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
G0odUser
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:19:52.282143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:20:06.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.4.9",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.4.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "G0odUser"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing the webhook path."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:55.977Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vw3h-q6xq-jjm5)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vw3h-q6xq-jjm5"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/afadb7dae6738819ad9c7d2597ace0516957d20e"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.9 \u003c 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-oversized-websocket-frames-in-voice-call-realtime-path"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.9 \u003c 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42437",
"datePublished": "2026-05-05T11:24:55.977Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-05T12:20:06.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43534 (GCVE-0-2026-43534)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-06 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events
Summary
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Severity ?
9.1 (Critical)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
qclawer
KeenSecurityLab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:12:17.202662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:12:27.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:06.675Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-7g8c-cfr3-vqqr)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Unsanitized External Input in Agent Hook Events",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Unsanitized External Input in Agent Hook Events",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43534",
"datePublished": "2026-05-05T11:25:06.675Z",
"dateReserved": "2026-05-01T16:56:19.948Z",
"dateUpdated": "2026-05-06T14:12:27.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43569 (GCVE-0-2026-43569)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-06 12:42 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth
Summary
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Peng Zhou (@zpbrent)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T12:42:35.758983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T12:42:47.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.9",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Peng Zhou (@zpbrent)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:10.308Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-939r-rj45-g2rj)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43569",
"datePublished": "2026-05-05T11:25:10.308Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-06T12:42:47.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44109 (GCVE-0-2026-44109)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 12:35 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation
Summary
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.
Severity ?
9.8 (Critical)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
dhyabi2
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T12:34:48.808247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T12:35:11.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhyabi2"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:27.637Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xh72-v6v9-mwhc)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-44109",
"datePublished": "2026-05-06T19:49:27.637Z",
"dateReserved": "2026-05-05T11:30:46.259Z",
"dateUpdated": "2026-05-07T12:35:11.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42434 (GCVE-0-2026-42434)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 12:24 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing
Summary
OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:24:52.875317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:24:59.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.4.5",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.4.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:53.898Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-736r-jwj6-4w23)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-736r-jwj6-4w23"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/dffad08529202edbf34e4808788e1182fe10f6a9"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.5 \u003c 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-host-parameter-override-in-exec-routing"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.5 \u003c 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42434",
"datePublished": "2026-05-05T11:24:53.898Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-05T12:24:59.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43572 (GCVE-0-2026-43572)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:24 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler
Summary
OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, allowing unauthorized access to Teams SSO signin functionality.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:23:37.945206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:24:46.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "2026.4.10",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"versionStartIncluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, allowing unauthorized access to Teams SSO signin functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:12.449Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-gc9r-867r-j85f)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gc9r-867r-j85f"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/80b1fa17bfc3f6a668492f0326ea52f48bb89776"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.10 \u003c 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-missing-sender-authorization-in-microsoft-teams-sso-invoke-handler"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.10 \u003c 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43572",
"datePublished": "2026-05-05T11:25:12.449Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-05T14:24:46.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42438 (GCVE-0-2026-42438)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 14:48 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads
Summary
OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Akiyama Mio (@Telecaster2147)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:48:10.944042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:48:23.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.4.9",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.4.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Akiyama Mio (@Telecaster2147)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:56.718Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-jhpv-5j76-m56h)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jhpv-5j76-m56h"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/c949af9fabf3873b5b7c484090cb5f5ab6049a98"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.9 \u003c 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-host-media-attachment-reads"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.9 \u003c 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42438",
"datePublished": "2026-05-05T11:24:56.718Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-05T14:48:23.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43526 (GCVE-0-2026-43526)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 12:24 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling
Summary
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Yuki Shiroi (@threalwinky)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:24:17.090552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:24:23.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.12",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yuki Shiroi (@threalwinky)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:58.093Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-2767-2q9v-9326)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43526",
"datePublished": "2026-05-05T11:24:58.093Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-05T12:24:23.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42433 (GCVE-0-2026-42433)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-05 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools
Summary
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner message-tool runs.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Peng Zhou (@zpbrent)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:48:50.344877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:48.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Peng Zhou (@zpbrent)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner message-tool runs."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:53.188Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-7jp6-r74r-995q)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42433",
"datePublished": "2026-05-05T11:24:53.188Z",
"dateReserved": "2026-04-27T11:40:07.151Z",
"dateUpdated": "2026-05-05T14:12:48.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43567 (GCVE-0-2026-43567)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter
Summary
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:49:42.437459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:23.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool\u0027s outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:08.955Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-jf25-7968-h2h5)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Path Traversal in screen_record outPath Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Path Traversal in screen_record outPath Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43567",
"datePublished": "2026-05-05T11:25:08.955Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-05T14:12:23.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43568 (GCVE-0-2026-43568)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 12:20 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint
Summary
OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Peng Zhou (@zpbrent)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:20:32.203181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:20:38.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.4.5",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.4.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Peng Zhou (@zpbrent)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:09.593Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-5gjc-grvm-m88j)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5gjc-grvm-m88j"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.5 \u003c 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-memory-dreaming-configuration-in-dreaming-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.5 \u003c 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43568",
"datePublished": "2026-05-05T11:25:09.593Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-05T12:20:38.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43530 (GCVE-0-2026-43530)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:32 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution
Summary
OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
nullPointerExcepTed (@decsecre583)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:31:04.836985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:32:40.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.12",
"status": "affected",
"version": "2026.2.23",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.12",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.12",
"versionStartIncluding": "2026.2.23",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nullPointerExcepTed (@decsecre583)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:01.066Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-2cq5-mf3v-mx44)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.2.23 \u003c 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.2.23 \u003c 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43530",
"datePublished": "2026-05-05T11:25:01.066Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-05T14:32:40.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41389 (GCVE-0-2026-41389)
Vulnerability from cvelistv5 – Published: 2026-04-20 17:48 – Updated: 2026-04-20 18:05 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths
Summary
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.
Severity ?
5.8 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Zou Dikai (@Kherrisan)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T18:04:52.711519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T18:05:03.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.15",
"status": "affected",
"version": "2026.4.7",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.15",
"versionStartIncluding": "2026.4.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zou Dikai (@Kherrisan)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.\u003c/p\u003e"
}
],
"value": "OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T17:51:12.367Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-mr34-9552-qr95)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.7 \u003c 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41389",
"datePublished": "2026-04-20T17:48:43.704Z",
"dateReserved": "2026-04-20T14:13:45.348Z",
"dateUpdated": "2026-04-20T18:05:03.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43527 (GCVE-0-2026-43527)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-06 12:40 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation
Summary
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
dhyabi2
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T12:39:27.138815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T12:40:20.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhyabi2"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:58.766Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-53vx-pmqw-863c)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2"
},
{
"name": "Patch Commit (3)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a"
},
{
"name": "Patch Commit (4)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.14 - Server-Side Request Forgery via Private Network Navigation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.14 - Server-Side Request Forgery via Private Network Navigation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43527",
"datePublished": "2026-05-05T11:24:58.766Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-06T12:40:20.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43571 (GCVE-0-2026-43571)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 11:58 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup
Summary
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T11:54:14.940590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:58:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:11.729Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-82qx-6vj7-p8m2)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/1fede43b948df40ca8674511d4bd08d39f6c5837"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43571",
"datePublished": "2026-05-05T11:25:11.729Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-05T11:58:58.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44112 (GCVE-0-2026-44112)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 17:28 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes
Summary
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-23 00:00
Credits
vladimir tokarev (@VladimirEliTokarev)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T17:25:18.853727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T17:28:12.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.22",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.22",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.22",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vladimir tokarev (@VladimirEliTokarev)"
}
],
"datePublic": "2026-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:29.626Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-wppj-c6mr-83jj)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-44112",
"datePublished": "2026-05-06T19:49:29.626Z",
"dateReserved": "2026-05-05T11:30:46.259Z",
"dateUpdated": "2026-05-07T17:28:12.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43580 (GCVE-0-2026-43580)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 12:31 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions
Summary
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T12:31:47.994140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T12:31:58.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:23.273Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-536q-mj95-h29h)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h"
},
{
"name": "Patch Commit (1)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe"
},
{
"name": "Patch Commit (2)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3"
},
{
"name": "Patch Commit (3)",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43580",
"datePublished": "2026-05-06T19:49:23.273Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T12:31:58.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42435 (GCVE-0-2026-42435)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-06 12:30 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection
Summary
OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and PS4, affecting execution semantics and security controls.
Severity ?
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T12:30:14.693193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T12:30:24.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.12",
"status": "affected",
"version": "2026.2.22",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.12",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.12",
"versionStartIncluding": "2026.2.22",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and PS4, affecting execution semantics and security controls."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:54.597Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-j6c7-3h5x-99g9)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.2.22 \u003c 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.2.22 \u003c 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42435",
"datePublished": "2026-05-05T11:24:54.597Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-06T12:30:24.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43535 (GCVE-0-2026-43535)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 12:08 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
Summary
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more privileged sender's context, causing earlier messages to execute with elevated permissions.
Severity ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:07:14.178802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:08:21.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender\u0027s authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more privileged sender\u0027s context, causing earlier messages to execute with elevated permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:07.457Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-jwrq-8g5x-5fhm)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43535",
"datePublished": "2026-05-05T11:25:07.457Z",
"dateReserved": "2026-05-01T16:56:19.948Z",
"dateUpdated": "2026-05-05T12:08:21.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43579 (GCVE-0-2026-43579)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 13:54 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes
Summary
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile settings through unprotected mutation endpoints to gain unauthorized configuration persistence.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Peng Zhou (@zpbrent)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:53:58.915297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:54:07.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Peng Zhou (@zpbrent)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile settings through unprotected mutation endpoints to gain unauthorized configuration persistence."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:22.588Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-f3h5-h452-vp3j)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/6517c700de9bb0ee11b41ab625ef3b63d01b6083"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-nostr-profile-mutation-routes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43579",
"datePublished": "2026-05-06T19:49:22.588Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T13:54:07.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43576 (GCVE-0-2026-43576)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 12:30 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL
Summary
OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Nicky (@nicky-cc)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T12:30:18.340987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T12:30:31.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicky (@nicky-cc)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:20.428Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-f7fh-qg34-x2xh)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43576",
"datePublished": "2026-05-06T19:49:20.428Z",
"dateReserved": "2026-05-01T17:00:54.536Z",
"dateUpdated": "2026-05-07T12:30:31.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42436 (GCVE-0-2026-42436)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-06 14:10 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes
Summary
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by exploiting route-driven navigation without proper policy re-validation.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:10:04.180017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:10:13.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by exploiting route-driven navigation without proper policy re-validation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:55.261Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-c4qm-58hj-j6pj)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-42436",
"datePublished": "2026-05-05T11:24:55.261Z",
"dateReserved": "2026-04-27T11:40:07.152Z",
"dateUpdated": "2026-05-06T14:10:13.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43528 (GCVE-0-2026-43528)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:24 – Updated: 2026-05-06 14:11 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases
Summary
OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.
Severity ?
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:10:57.795438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:11:10.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.14",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.14",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:24:59.369Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-8372-7vhw-cm6q)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43528",
"datePublished": "2026-05-05T11:24:59.369Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-06T14:11:10.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43573 (GCVE-0-2026-43573)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 14:12 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes
Summary
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:49:59.528059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:12:16.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:13.139Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-527m-976r-jf79)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/daeb74920d5ad986cb600625180037e23221e93a"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43573",
"datePublished": "2026-05-05T11:25:13.139Z",
"dateReserved": "2026-05-01T16:58:23.117Z",
"dateUpdated": "2026-05-05T14:12:16.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43577 (GCVE-0-2026-43577)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 17:32 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes
Summary
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
tdjackey
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T17:31:17.481156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T17:32:03.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.9",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "tdjackey"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:21.091Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-qmwg-qprg-3j38)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.9 - Arbitrary File Read via Browser Interaction Routes",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-browser-interaction-routes"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.9 - Arbitrary File Read via Browser Interaction Routes",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43577",
"datePublished": "2026-05-06T19:49:21.091Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T17:32:03.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43585 (GCVE-0-2026-43585)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 13:53 X_Open Source
VLAI?
EPSS
Title
OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
Summary
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access.
Severity ?
8.1 (High)
CWE
- CWE-672 - Operation on a Resource after Expiration or Release
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
KeenSecurityLab
qclawer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:53:26.925811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:53:33.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:26.877Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xmxx-7p24-h892)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43585",
"datePublished": "2026-05-06T19:49:26.877Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T13:53:33.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43578 (GCVE-0-2026-43578)
Vulnerability from cvelistv5 – Published: 2026-05-06 19:49 – Updated: 2026-05-07 14:59 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade
Summary
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context than intended.
Severity ?
9.1 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
zsx (@zsxsoft)
qclawer
KeenSecurityLab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:00:17.162463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:59:33.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.3.31",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.3.31",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context than intended."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:49:21.819Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-g375-h3v6-4873)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g375-h3v6-4873"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/19a2e9ddb5a8a494abcba812bb11f51075026a27"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.3.31 \u003c 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missed-async-exec-completion-events-in-heartbeat-owner-downgrade"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.3.31 \u003c 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43578",
"datePublished": "2026-05-06T19:49:21.819Z",
"dateReserved": "2026-05-01T17:00:54.537Z",
"dateUpdated": "2026-05-07T14:59:33.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43532 (GCVE-0-2026-43532)
Vulnerability from cvelistv5 – Published: 2026-05-05 11:25 – Updated: 2026-05-05 12:21 X_Open Source
VLAI?
EPSS
Title
OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image
Summary
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.
Severity ?
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Date Public ?
2026-04-16 00:00
Credits
Akiyama Mio (@Telecaster2147)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T12:21:31.517473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:21:37.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.4.10",
"status": "affected",
"version": "2026.4.7",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.4.10",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.4.10",
"versionStartIncluding": "2026.4.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Akiyama Mio (@Telecaster2147)"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T11:25:04.990Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-c9h3-5p7r-mrjh)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/979c6f09d6fad96596feb91c905934be7e0b4f15"
},
{
"name": "VulnCheck Advisory: OpenClaw 2026.4.7 \u003c 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-sandbox-media-normalization-bypass-via-discord-event-cover-image"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw 2026.4.7 \u003c 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-43532",
"datePublished": "2026-05-05T11:25:04.990Z",
"dateReserved": "2026-05-01T16:56:19.947Z",
"dateUpdated": "2026-05-05T12:21:37.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…