The OpenClaw personal AI assistant ecosystem suffers from an insufficiently protected credentials vulnerability (CWE-522) during the device pairing process. The Gateway generates setup codes that embed permanent, shared authentication tokens rather than ephemeral bootstrap keys. Interception of these codes grants an attacker persistent access to the user's Gateway, exposing integrated AI service API keys, chat histories, and agent configurations. The vulnerability is resolved in version v2026.3.12 through the implementation of short-lived, per-device session credentials.
A high-severity authorization bypass vulnerability exists in the OpenClaw AI assistant platform. It permits users with write-scoped permissions to interact with restricted administrative endpoints. This flaw enables attackers to modify or delete persistent browser profiles, hijacking browser infrastructure via malicious Chrome DevTools Protocol (CDP) URLs.
An authorization bypass vulnerability exists in the Feishu extension of the OpenClaw AI assistant framework. By exploiting an insecure default in the reaction event processing logic, attackers can trigger bot actions in restricted group contexts, bypassing mention gating and group authorization controls.
OpenClaw versions up to 2026.3.8 suffer from an improper input validation vulnerability in the command execution allowlist mechanism. Flawed pattern matching logic, including improper lowercasing on POSIX systems and broad glob wildcard handling, allows an attacker to bypass execution restrictions and invoke unauthorized commands.
OpenClaw versions prior to v2026.3.12 contain an improper authorization vulnerability in the command dispatcher logic. A missing ownership validation check allows any user on the general allowlist to execute highly sensitive administrative commands. This flaw exposes the bot configuration and debug surfaces, leading to potential information disclosure and service disruption.
OpenClaw, an open-source AI agent platform, contains a critical vulnerability in its plugin auto-discovery mechanism. The platform implicitly trusts and executes code located within the `.openclaw/extensions/` directory of any opened workspace. This behavior allows an attacker to achieve arbitrary code execution by convincing a user to clone and open a maliciously crafted repository.
The OpenClaw `session_status` tool fails to properly validate authorization boundaries when processing the `sessionKey` parameter. This flaw allows restricted sandboxed subagents to read or influence the state of higher-privileged parent sessions, resulting in a critical sandbox escape.
A critical logic flaw in the OpenClaw gateway's WebSocket authentication mechanism allows remote attackers authenticated via shared secrets to arbitrarily elevate their authorization scopes to administrative levels.
A critical vulnerability in the OpenClaw gateway architecture allows subagents to bypass workspace sandboxes by manipulating RPC parameters. By supplying arbitrary paths during agent spawning, attackers can escape the designated execution directory and achieve arbitrary file read and write on the host filesystem.
OpenClaw versions prior to 2026.3.12 contain a high-severity authentication bypass vulnerability in the Feishu channel integration. When configured in webhook mode without an encryption key, the system relies solely on a static plaintext token, allowing unauthenticated remote attackers to inject forged events and execute unauthorized actions.
OpenClaw versions prior to 2026.3.12 contain a logic flaw in the Zalo webhook handler where rate limiting is applied after authentication validation. This allows unauthenticated attackers to bypass request throttling and conduct unbounded brute-force attacks against the webhook secret token.
The file-type npm package, versions 20.0.0 through 21.3.1, contains a CWE-409 (Improper Handling of Highly Compressed Data) vulnerability. The package fails to consistently apply memory allocation limits when decompressing internal ZIP file entries, allowing an unauthenticated remote attacker to trigger a Denial of Service (DoS) via a crafted, highly compressed ZIP archive.
Automated vulnerability intelligence. 1,123+ reports.