chore: CVE advisories - 0 new, 12 updated (#214)

Automated update from NVD CVE feed. Keywords: Poll window: 2026-04-29T06:48:08Z to 2026-04-30T06:49:19.000Z Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-13 05:28:02 +03:00 · 2026-04-30 15:04:42 +03:00
parent f8614a21b3
commit 0e22d8f9bd
4 changed files with 28 additions and 4 deletions
@@ -1,6 +1,6 @@
 {
  "version": "0.0.3",
-  "updated": "2026-04-29T06:48:08Z",
+  "updated": "2026-04-30T06:50:23Z",
  "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
  "advisories": [
    {
@@ -2288,6 +2288,7 @@
      "title": "OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 ...",
      "description": "OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2357,6 +2358,7 @@
      "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated opera...",
      "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient access controls to reach sensitive administrative functionality and modify persistence mechanisms.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2427,6 +2429,7 @@
      "title": "OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbo...",
      "description": "OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variables from parent processes to SSH child processes.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2462,6 +2465,7 @@
      "title": "OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. ...",
      "description": "OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2675,6 +2679,7 @@
      "title": "OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to si...",
      "description": "OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2710,6 +2715,7 @@
      "title": "OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command an...",
      "description": "OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted group DM channels.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2781,6 +2787,7 @@
      "title": "OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead o...",
      "description": "OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts, causing denial of service.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2852,6 +2859,7 @@
      "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint th...",
      "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2922,6 +2930,7 @@
      "title": "OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding c...",
      "description": "OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2956,6 +2965,7 @@
      "title": "OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that miscl...",
      "description": "OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -3027,6 +3037,7 @@
      "title": "OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapsho...",
      "description": "OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -3278,6 +3289,7 @@
      "title": "OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP...",
      "description": "OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -1 +1 @@
-1JW3oJ9A06V7y509Zd8gl/51OtlyJwkZjIox43kOW5fMuHPUTPgRPPfneOJ2PXmj2p0MBGMzPt6GMg5i9C6JDw==
+ApZoIS9dNxBG9U03w3FaeZs+dTr9xFtQ8acmjvpEYM+wIxqwxoNXTfGumf59n/HAiT5Zvdy2FDxrDs+iuMl1Cg==
@@ -1,6 +1,6 @@
 {
  "version": "0.0.3",
-  "updated": "2026-04-29T06:48:08Z",
+  "updated": "2026-04-30T06:50:23Z",
  "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
  "advisories": [
    {
@@ -2288,6 +2288,7 @@
      "title": "OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 ...",
      "description": "OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2357,6 +2358,7 @@
      "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated opera...",
      "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient access controls to reach sensitive administrative functionality and modify persistence mechanisms.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2427,6 +2429,7 @@
      "title": "OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbo...",
      "description": "OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variables from parent processes to SSH child processes.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2462,6 +2465,7 @@
      "title": "OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. ...",
      "description": "OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2675,6 +2679,7 @@
      "title": "OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to si...",
      "description": "OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2710,6 +2715,7 @@
      "title": "OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command an...",
      "description": "OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted group DM channels.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2781,6 +2787,7 @@
      "title": "OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead o...",
      "description": "OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts, causing denial of service.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2852,6 +2859,7 @@
      "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint th...",
      "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2922,6 +2930,7 @@
      "title": "OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding c...",
      "description": "OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -2956,6 +2965,7 @@
      "title": "OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that miscl...",
      "description": "OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -3027,6 +3037,7 @@
      "title": "OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapsho...",
      "description": "OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -3278,6 +3289,7 @@
      "title": "OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP...",
      "description": "OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials.",
      "affected": [
        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
        "openclaw@*"
      ],
      "platforms": [
@@ -1 +1 @@
-1JW3oJ9A06V7y509Zd8gl/51OtlyJwkZjIox43kOW5fMuHPUTPgRPPfneOJ2PXmj2p0MBGMzPt6GMg5i9C6JDw==
+ApZoIS9dNxBG9U03w3FaeZs+dTr9xFtQ8acmjvpEYM+wIxqwxoNXTfGumf59n/HAiT5Zvdy2FDxrDs+iuMl1Cg==
		`@@ -1 +1 @@`
			`1JW3oJ9A06V7y509Zd8gl/51OtlyJwkZjIox43kOW5fMuHPUTPgRPPfneOJ2PXmj2p0MBGMzPt6GMg5i9C6JDw==`				`ApZoIS9dNxBG9U03w3FaeZs+dTr9xFtQ8acmjvpEYM+wIxqwxoNXTfGumf59n/HAiT5Zvdy2FDxrDs+iuMl1Cg==`