diff --git a/advisories/feed.json b/advisories/feed.json
index 22cb54c..07f4efa 100644
--- a/advisories/feed.json
+++ b/advisories/feed.json
@@ -1,8 +1,860 @@ { "version": "0.0.3", - "updated": "2026-03-30T06:34:41Z", + "updated": "2026-04-05T06:25:01Z", "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.", "advisories": [ + { + "id": "CVE-2026-34511", + "severity": "medium", + "type": "unknown_cwe_330", + "nvd_category_id": "CWE-330", + "title": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth f...", + "description": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-03T21:17:11.517", + "references": [ + "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf", + "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter" + ], + "cvss_score": 5.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (5.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": true, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34426", + "severity": "high", + "type": "unknown_cwe_184", + "nvd_category_id": "CWE-184", + "title": "OpenClaw versions prior to commit b57b680 contain an approval bypass 
vulnerability due to inconsiste...", + "description": "OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-02T19:21:31.727", + "references": [ + "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7", + "https://github.com/openclaw/openclaw/pull/59182", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47" + ], + "cvss_score": 7.6, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.6); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": true, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34425", + "severity": "medium", + "type": "unknown_cwe_184", + "nvd_category_id": "CWE-184", + "title": "OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in she...", + "description": "OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the 
parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-02T19:21:31.507", + "references": [ + "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q", + "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass" + ], + "cvss_score": 5.4, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (5.4); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34510", + "severity": "medium", + "type": "unknown_cwe_41", + "nvd_category_id": "CWE-41", + "title": "OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that acce...", + "description": "OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended access restrictions.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-04-01T16:23:50.567", + "references": [ + "https://github.com/openclaw/openclaw/commit/4fd7feb0fd4ec16c48ed983980dba79a09b3aaf5", + "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", + "https://github.com/openclaw/openclaw/commit/93880717f1cd34feaa45e74e939b7a5256288901" + ], + "cvss_score": 5.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34510", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (5.3); remotely exploitable without authentication; path traversal affects agents with file access", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34504", + "severity": "high", + "type": "server_side_request_forgery", + "nvd_category_id": "CWE-918", + "title": "OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider i...", + "description": "OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:19.687", + "references": [ + "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3", + "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider" + ], + "cvss_score": 8.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.3); remotely exploitable without authentication; SSRF affects agents making external requests", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34503", + "severity": "high", + "type": "unknown_cwe_613", + "nvd_category_id": "CWE-613", + "title": "OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or ...", + "description": "OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:19.470", + "references": [ + "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv", + "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33581", + "severity": "medium", + "type": "path_traversal", + "nvd_category_id": "CWE-22", + "title": "OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows at...", + "description": "OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:15.373", + "references": [ + "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq", + "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); network accessible; path traversal affects agents with file access", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33580", + "severity": "medium", + "type": "unknown_cwe_307", + "nvd_category_id": "CWE-307", + "title": "OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webho...", + "description": "OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting authentication without throttling.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:15.170", + "references": [ + "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp", + "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33579", + "severity": "high", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command...", + "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.960", + "references": [ + "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497", + "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33578", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalou...", + "description": "OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite configured allowlist restrictions.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.757", + "references": [ + "https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm", + "https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions" + ], + "cvss_score": 4.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33578", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (4.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33577", + "severity": "high", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairin...", + "description": "OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.530", + "references": [ + "https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg", + "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33577", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33576", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating se...", + "description": "OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.327", + "references": [ + "https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j", + "https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33576", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34506", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plu...", + "description": "OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.440", + "references": [ + "https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq", + "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration" + ], + "cvss_score": 4.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34506", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (4.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34505", + "severity": "medium", + "type": "unknown_cwe_307", + "nvd_category_id": "CWE-307", + "title": "OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowi...", + "description": "OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling systematic secret guessing and subsequent forged webhook submission.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.237", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c", + "https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34505", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32988", + "severity": "high", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged write...", + "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.047", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843", + "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unvalidated-temporary-file-creation" + ], + "cvss_score": 7.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32988", + "exploitability_score": "medium", + "exploitability_rationale": "High CVSS score (7.5); requires local access", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32982", + "severity": "high", + "type": "unknown_cwe_532", + "nvd_category_id": "CWE-532", + "title": "OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia f...", + "description": "OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.850", + "references": [ + "https://github.com/openclaw/openclaw/commit/7a53eb7ea8295b08be137e231c9a98c1a79b5cd5", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcj-hwhf-h378", + "https://www.vulncheck.com/advisories/openclaw-telegram-bot-token-exposure-in-media-fetch-error-logs" + ], + "cvss_score": 7.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32982", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.5); remotely exploitable without authentication", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32977", + "severity": "medium", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFil...", + "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.660", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6", + "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unanchored-writefile-commit-path" + ], + "cvss_score": 6.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32977", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.3); requires local access", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32976", + "severity": "medium", + "type": "insecure_direct_object_reference", + "nvd_category_id": "CWE-639", + "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands t...", + "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts. to modify configuration on target accounts with configWrites: false.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.470", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-8jhh-jcqg-mj5p", + "https://www.vulncheck.com/advisories/openclaw-account-scoped-configwrites-policy-bypass-via-channel-commands" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32976", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.5); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32971", + "severity": "high", + "type": "unknown_cwe_451", + "nvd_category_id": "CWE-451", + "title": "OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run appro...", + "description": "OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.280", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp", + "https://www.vulncheck.com/advisories/openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands" + ], + "cvss_score": 7.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32971", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": true, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32970", + "severity": "low", + "type": "unknown_cwe_636", + "nvd_category_id": "CWE-636", + "title": "OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gatew...", + "description": "OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.113", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7", + "https://www.vulncheck.com/advisories/openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs" + ], + "cvss_score": 2.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32970", + "exploitability_score": "high", + "exploitability_rationale": "Low CVSS score (2.5); requires local access; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32921", + "severity": "medium", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable scrip...", + "description": "OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.920", + "references": [ + "https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240", + "https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6" + ], + "cvss_score": 6.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32921", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32920", + "severity": "high", + "type": "unknown_cwe_829", + "nvd_category_id": "CWE-829", + "title": "OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ witho...", + "description": "OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.727", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr", + "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins" + ], + "cvss_score": 8.4, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32920", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.4); requires local access; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32917", + "severity": "critical", + "type": "os_command_injection", + "nvd_category_id": "CWE-78", + "title": "OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachme...", + "description": "OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.487", + "references": [ + "https://github.com/openclaw/openclaw/commit/a54bf71b4c0cbe554a84340b773df37ee8e959de", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275", + "https://www.vulncheck.com/advisories/openclaw-remote-command-injection-via-unsanitized-imessage-attachment-paths-in-scp" + ], + "cvss_score": 9.8, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32917", + "exploitability_score": "high", + "exploitability_rationale": "Critical CVSS score (9.8); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32916", + "severity": "critical", + "type": "unknown_cwe_266", + "nvd_category_id": "CWE-266", + "title": "OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plug...", + "description": "OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.197", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728", + "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes" + ], + "cvss_score": 9.4, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32916", + "exploitability_score": "high", + "exploitability_rationale": "Critical CVSS score (9.4); remotely exploitable without authentication", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, { "id": "CVE-2026-33575", "severity": "high", @@ -11,6 +863,7 @@ "title": "OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup cod...", "description": "OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
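Review bot: The CPE string added to `affected` here carries `*` in its version position, so — like the existing `openclaw@*` entry beside it — it marks every OpenClaw release as affected even though the record's own title scopes the issue to versions before 2026.3.12; a consumer that matches an installed version against `affected` cannot distinguish patched from unpatched installs from this data. The same wildcard entry is added by the hunks at `@@ -45`, `@@ -80`, `@@ -114`, `@@ -149`, `@@ -184`, `@@ -219`, `@@ -253`, `@@ -287`, `@@ -321`, `@@ -355`, `@@ -389`, `@@ -423`, `@@ -457`, `@@ -491`, `@@ -525`, `@@ -559`, `@@ -593`, `@@ -627` and `@@ -655`, and the array now mixes two identifier formats (CPE 2.3 and what looks like `name@range`) with nothing telling a consumer which is which. If the generator has the NVD version bound available, emitting a bounded range such as `"openclaw@<2026.3.12"` (constructed example) alongside the CPE would let the wildcard be retired; if it does not, the feed's schema or `description` should state that `affected` is a product match rather than a version match so downstream tooling does not treat it as one.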
@@ -45,6 +898,7 @@ "title": "OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer th...", "description": "OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -80,6 +934,7 @@ "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC th...", "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -114,6 +969,7 @@ "title": "OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissio...", "description": "OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -149,6 +1005,7 @@ "title": "OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verifica...", "description": "OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -184,6 +1041,7 @@ "title": "OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-...", "description": "OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -219,6 +1077,7 @@ "title": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute...", "description": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -253,6 +1112,7 @@ "title": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fa...", "description": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -287,6 +1147,7 @@ "title": "OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode tha...", "description": "OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -321,6 +1182,7 @@ "title": "OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode whe...", "description": "OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -355,6 +1217,7 @@ "title": "OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlist...", "description": "OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -389,6 +1252,7 @@ "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated oper...", "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist attacker-controlled remote CDP endpoints to disk without holding operator.admin privileges.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -423,6 +1287,7 @@ "title": "OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction event...", "description": "OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -457,6 +1322,7 @@ "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction i...", "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downstream session context.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -491,6 +1357,7 @@ "title": "OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that ...", "description": "OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -525,6 +1392,7 @@ "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped calle...", "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -559,6 +1427,7 @@ "title": "OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool...", "description": "OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -593,6 +1462,7 @@ "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents t...", "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -627,6 +1497,7 @@ "title": "OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /...", "description": "OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted to owners by exploiting missing owner-level permission checks.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -655,12 +1526,13 @@ }, { "id": "CVE-2026-32846", - "severity": "medium", + "severity": "high", "type": "path_traversal", "nvd_category_id": "CWE-22", "title": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in medi...", "description": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -673,7 +1545,7 @@ "https://github.com/openclaw/openclaw/pull/54642", "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r" ], - "cvss_score": null, + "cvss_score": 7.5, "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32846", "exploitability_score": "unknown", "exploitability_rationale": "No CVSS score available; requires local access; path traversal affects agents with file access", diff --git a/advisories/feed.json.sig b/advisories/feed.json.sig index f970ce3..d6dba2f 100644 --- a/advisories/feed.json.sig +++ b/advisories/feed.json.sig @@ -1 +1 @@ -TSqRdhkeagwdloGmkm82bHTXmkyxz/GWKAJ76rT0VhamxYlEW2Mb7ETqGDP/CORntEGxujpUUzpihNhXfoz8CQ== \ No newline at end of file +IymDYKV5dpI6plBt0izWnTjURmHPEO3gdNf5rg0axYe+ErK+6NapY76t37BdiIUDuBCTuL7SMZc7VwnzP+ttBg== \ No newline at end of file diff --git a/skills/clawsec-feed/advisories/feed.json b/skills/clawsec-feed/advisories/feed.json index 22cb54c..07f4efa 100644 --- a/skills/clawsec-feed/advisories/feed.json +++ b/skills/clawsec-feed/advisories/feed.json 
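Review bot: In the `@@ -673` hunk, `cvss_score` for CVE-2026-32846 changes from `null` to `7.5` (and `severity` from medium to high in the `@@ -655` hunk just above), but the two score-derived fields on the following lines are left stale: `exploitability_score` is still `"unknown"` and `exploitability_rationale` still reads `"No CVSS score available; requires local access; path traversal affects agents with file access"`, which now contradicts the record it sits in. Every other record in this diff derives these two fields from the score (7.1 gives `"high"` and `"High CVSS score (7.1); …"`), so the regeneration presumably updated the score in place without recomputing its dependents. Following that pattern the lines should read `"exploitability_score": "high",` and `"exploitability_rationale": "High CVSS score (7.5); requires local access; path traversal affects agents with file access",`; more robustly, the generator should recompute all score-derived fields whenever `cvss_score` changes. Because `feed.json.sig` below re-signs this content and `skills/clawsec-feed/advisories/feed.json` is a byte-identical copy (same `22cb54c..07f4efa` index), the correction needs to land in both copies and the signature regenerated.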
@@ -1,8 +1,860 @@ { "version": "0.0.3", - "updated": "2026-03-30T06:34:41Z", + "updated": "2026-04-05T06:25:01Z", "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.", "advisories": [ + { + "id": "CVE-2026-34511", + "severity": "medium", + "type": "unknown_cwe_330", + "nvd_category_id": "CWE-330", + "title": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth f...", + "description": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-03T21:17:11.517", + "references": [ + "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf", + "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter" + ], + "cvss_score": 5.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (5.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": true, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34426", + "severity": "high", + "type": "unknown_cwe_184", + "nvd_category_id": "CWE-184", + "title": "OpenClaw versions prior to commit b57b680 contain an approval bypass 
vulnerability due to inconsiste...", + "description": "OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-02T19:21:31.727", + "references": [ + "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7", + "https://github.com/openclaw/openclaw/pull/59182", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47" + ], + "cvss_score": 7.6, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.6); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": true, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34425", + "severity": "medium", + "type": "unknown_cwe_184", + "nvd_category_id": "CWE-184", + "title": "OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in she...", + "description": "OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the 
parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. See NVD for remediation details.", + "published": "2026-04-02T19:21:31.507", + "references": [ + "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q", + "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass" + ], + "cvss_score": 5.4, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (5.4); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34510", + "severity": "medium", + "type": "unknown_cwe_41", + "nvd_category_id": "CWE-41", + "title": "OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that acce...", + "description": "OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended access restrictions.", + "affected": [ + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-04-01T16:23:50.567", + "references": [ + "https://github.com/openclaw/openclaw/commit/4fd7feb0fd4ec16c48ed983980dba79a09b3aaf5", + "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87", + "https://github.com/openclaw/openclaw/commit/93880717f1cd34feaa45e74e939b7a5256288901" + ], + "cvss_score": 5.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34510", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (5.3); remotely exploitable without authentication; path traversal affects agents with file access", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34504", + "severity": "high", + "type": "server_side_request_forgery", + "nvd_category_id": "CWE-918", + "title": "OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider i...", + "description": "OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:19.687", + "references": [ + "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3", + "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider" + ], + "cvss_score": 8.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.3); remotely exploitable without authentication; SSRF affects agents making external requests", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34503", + "severity": "high", + "type": "unknown_cwe_613", + "nvd_category_id": "CWE-613", + "title": "OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or ...", + "description": "OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:19.470", + "references": [ + "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv", + "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33581", + "severity": "medium", + "type": "path_traversal", + "nvd_category_id": "CWE-22", + "title": "OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows at...", + "description": "OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:15.373", + "references": [ + "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq", + "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); network accessible; path traversal affects agents with file access", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33580", + "severity": "medium", + "type": "unknown_cwe_307", + "nvd_category_id": "CWE-307", + "title": "OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webho...", + "description": "OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting authentication without throttling.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:15.170", + "references": [ + "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp", + "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33579", + "severity": "high", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command...", + "description": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.960", + "references": [ + "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497", + "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33578", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalou...", + "description": "OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite configured allowlist restrictions.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.757", + "references": [ + "https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm", + "https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions" + ], + "cvss_score": 4.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33578", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (4.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33577", + "severity": "high", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairin...", + "description": "OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.530", + "references": [ + "https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg", + "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve" + ], + "cvss_score": 8.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33577", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-33576", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating se...", + "description": "OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T15:16:14.327", + "references": [ + "https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j", + "https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33576", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34506", + "severity": "medium", + "type": "incorrect_authorization", + "nvd_category_id": "CWE-863", + "title": "OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plu...", + "description": "OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.440", + "references": [ + "https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq", + "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration" + ], + "cvss_score": 4.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34506", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (4.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-34505", + "severity": "medium", + "type": "unknown_cwe_307", + "nvd_category_id": "CWE-307", + "title": "OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowi...", + "description": "OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling systematic secret guessing and subsequent forged webhook submission.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.237", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-5m9r-p9g7-679c", + "https://www.vulncheck.com/advisories/openclaw-webhook-rate-limiting-bypass-via-pre-authentication-secret-validation" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34505", + "exploitability_score": "high", + "exploitability_rationale": "Medium CVSS score (6.5); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32988", + "severity": "high", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged write...", + "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:30.047", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843", + "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unvalidated-temporary-file-creation" + ], + "cvss_score": 7.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32988", + "exploitability_score": "medium", + "exploitability_rationale": "High CVSS score (7.5); requires local access", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32982", + "severity": "high", + "type": "unknown_cwe_532", + "nvd_category_id": "CWE-532", + "title": "OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia f...", + "description": "OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.850", + "references": [ + "https://github.com/openclaw/openclaw/commit/7a53eb7ea8295b08be137e231c9a98c1a79b5cd5", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcj-hwhf-h378", + "https://www.vulncheck.com/advisories/openclaw-telegram-bot-token-exposure-in-media-fetch-error-logs" + ], + "cvss_score": 7.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32982", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.5); remotely exploitable without authentication", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32977", + "severity": "medium", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFil...", + "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.660", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-xvx8-77m6-gwg6", + "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unanchored-writefile-commit-path" + ], + "cvss_score": 6.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32977", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.3); requires local access", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32976", + "severity": "medium", + "type": "insecure_direct_object_reference", + "nvd_category_id": "CWE-639", + "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands t...", + "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts. to modify configuration on target accounts with configWrites: false.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.470", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-8jhh-jcqg-mj5p", + "https://www.vulncheck.com/advisories/openclaw-account-scoped-configwrites-policy-bypass-via-channel-commands" + ], + "cvss_score": 6.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32976", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.5); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32971", + "severity": "high", + "type": "unknown_cwe_451", + "nvd_category_id": "CWE-451", + "title": "OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run appro...", + "description": "OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.280", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp", + "https://www.vulncheck.com/advisories/openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands" + ], + "cvss_score": 7.1, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32971", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (7.1); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": true, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32970", + "severity": "low", + "type": "unknown_cwe_636", + "nvd_category_id": "CWE-636", + "title": "OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gatew...", + "description": "OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:29.113", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7", + "https://www.vulncheck.com/advisories/openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs" + ], + "cvss_score": 2.5, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32970", + "exploitability_score": "high", + "exploitability_rationale": "Low CVSS score (2.5); requires local access; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "high" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32921", + "severity": "medium", + "type": "unknown_cwe_367", + "nvd_category_id": "CWE-367", + "title": "OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable scrip...", + "description": "OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.920", + "references": [ + "https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240", + "https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6" + ], + "cvss_score": 6.3, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32921", + "exploitability_score": "medium", + "exploitability_rationale": "Medium CVSS score (6.3); network accessible", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": true, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32920", + "severity": "high", + "type": "unknown_cwe_829", + "nvd_category_id": "CWE-829", + "title": "OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ witho...", + "description": "OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.727", + "references": [ + "https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr", + "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins" + ], + "cvss_score": 8.4, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32920", + "exploitability_score": "high", + "exploitability_rationale": "High CVSS score (8.4); requires local access; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": false, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32917", + "severity": "critical", + "type": "os_command_injection", + "nvd_category_id": "CWE-78", + "title": "OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachme...", + "description": "OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.", + "published": "2026-03-31T12:16:28.487", + "references": [ + "https://github.com/openclaw/openclaw/commit/a54bf71b4c0cbe554a84340b773df37ee8e959de", + "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275", + "https://www.vulncheck.com/advisories/openclaw-remote-command-injection-via-unsanitized-imessage-attachment-paths-in-scp" + ], + "cvss_score": 9.8, + "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32917", + "exploitability_score": "high", + "exploitability_rationale": "Critical CVSS score (9.8); remotely exploitable without authentication; RCE is critical in agent deployments", + "attack_vector_analysis": { + "is_network_accessible": true, + "requires_authentication": false, + "requires_user_interaction": false, + "complexity": "low" + }, + "exploit_detection": { + "exploit_available": false, + "exploit_sources": [] + } + }, + { + "id": "CVE-2026-32916", + "severity": "critical", + "type": "unknown_cwe_266", + "nvd_category_id": "CWE-266", + "title": "OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plug...", + "description": "OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.", + "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", + "openclaw@*" + ], + "platforms": [ + "openclaw" + ], + "action": "Review and update affected components. 
See NVD for remediation details.",
+ "published": "2026-03-31T12:16:28.197",
+ "references": [
+ "https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728",
+ "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes"
+ ],
+ "cvss_score": 9.4,
+ "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32916",
+ "exploitability_score": "high",
+ "exploitability_rationale": "Critical CVSS score (9.4); remotely exploitable without authentication",
+ "attack_vector_analysis": {
+ "is_network_accessible": true,
+ "requires_authentication": false,
+ "requires_user_interaction": false,
+ "complexity": "low"
+ },
+ "exploit_detection": {
+ "exploit_available": false,
+ "exploit_sources": []
+ }
+ },
 {
 "id": "CVE-2026-33575",
 "severity": "high",
@@ -11,6 +863,7 @@
 "title": "OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup cod...",
 "description": "OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
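Review bot: The CPE string added to `affected` in the `@@ -11,6 +863,7 @@` hunk carries `*` in its version field, so it marks every OpenClaw release as affected even though the advisory's own title scopes the issue to releases before 2026.3.12, and the existing `openclaw@*` entry already says the same; the same line is added by every later hunk in this change (`@@ -45,6 +898,7 @@` through `@@ -525,6 +1392,7 @@`), with the same gap. A consumer that matches an installed version against this feed will keep alerting on patched installs, and the fixed version is recoverable only by parsing the free-text title. NVD carries the range in the configuration's versionEndExcluding rather than in the CPE string itself, so the feed should carry it explicitly as well, for example a sibling field such as `"fixed_version": "2026.3.12"` (constructed example, taken from this advisory's title) or a bounded specifier like `openclaw@<2026.3.12` if the feed's `name@range` syntax supports ranges.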
@@ -45,6 +898,7 @@ "title": "OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer th...", "description": "OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -80,6 +934,7 @@ "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC th...", "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -114,6 +969,7 @@ "title": "OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissio...", "description": "OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -149,6 +1005,7 @@ "title": "OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verifica...", "description": "OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -184,6 +1041,7 @@ "title": "OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-...", "description": "OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -219,6 +1077,7 @@ "title": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute...", "description": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -253,6 +1112,7 @@ "title": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fa...", "description": "OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -287,6 +1147,7 @@ "title": "OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode tha...", "description": "OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ @@ -321,6 +1182,7 @@ "title": "OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode whe...", "description": "OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.", "affected": [ + "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "openclaw@*" ], "platforms": [ 
@@ -355,6 +1217,7 @@
 "title": "OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlist...",
 "description": "OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -389,6 +1252,7 @@
 "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated oper...",
 "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist attacker-controlled remote CDP endpoints to disk without holding operator.admin privileges.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -423,6 +1287,7 @@
 "title": "OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction event...",
 "description": "OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -457,6 +1322,7 @@
 "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction i...",
 "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downstream session context.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -491,6 +1357,7 @@
 "title": "OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that ...",
 "description": "OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -525,6 +1392,7 @@
 "title": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped calle...",
 "description": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -559,6 +1427,7 @@
 "title": "OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool...",
 "description": "OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -593,6 +1462,7 @@
 "title": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents t...",
 "description": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -627,6 +1497,7 @@
 "title": "OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /...",
 "description": "OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted to owners by exploiting missing owner-level permission checks.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -655,12 +1526,13 @@
 },
 {
 "id": "CVE-2026-32846",
- "severity": "medium",
+ "severity": "high",
 "type": "path_traversal",
 "nvd_category_id": "CWE-22",
 "title": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in medi...",
 "description": "OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.",
 "affected": [
+ "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
 "openclaw@*"
 ],
 "platforms": [
@@ -673,7 +1545,7 @@
 "https://github.com/openclaw/openclaw/pull/54642",
 "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"
 ],
- "cvss_score": null,
+ "cvss_score": 7.5,
 "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32846",
 "exploitability_score": "unknown",
 "exploitability_rationale": "No CVSS score available; requires local access; path traversal affects agents with file access",
diff --git a/skills/clawsec-feed/advisories/feed.json.sig b/skills/clawsec-feed/advisories/feed.json.sig
index f970ce3..d6dba2f 100644
--- a/skills/clawsec-feed/advisories/feed.json.sig
+++ b/skills/clawsec-feed/advisories/feed.json.sig
@@ -1 +1 @@
-TSqRdhkeagwdloGmkm82bHTXmkyxz/GWKAJ76rT0VhamxYlEW2Mb7ETqGDP/CORntEGxujpUUzpihNhXfoz8CQ==
\ No newline at end of file
+IymDYKV5dpI6plBt0izWnTjURmHPEO3gdNf5rg0axYe+ErK+6NapY76t37BdiIUDuBCTuL7SMZc7VwnzP+ttBg==
\ No newline at end of file
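Review bot: The `exploitability_rationale` context line at the end of the `@@ -673,7 +1545,7 @@` hunk still says `No CVSS score available` while the line just above it sets `cvss_score` to 7.5 and the earlier hunk raises `severity` to high, so the CVE-2026-32846 entry now contradicts itself, and `exploitability_score` likewise stays `unknown`. The rationale should be regenerated from the new score, following the feed's existing pattern, e.g. `"exploitability_rationale": "High CVSS score (7.5); requires local access; path traversal affects agents with file access"`, with `exploitability_score` revised consistently with the other scored entries. The signature hunk that follows updates `skills/clawsec-feed/advisories/feed.json.sig`, whereas the feed edited here is `advisories/feed.json`; if those are separate copies, it is worth confirming the signed copy was regenerated from the same content. The advisory object continues outside the hunk.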