SB2026040833 - Multiple vulnerabilities in OpenClaw
Published: April 8, 2026 Updated: May 1, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 26 vulnerabilities.
1) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass executable authorization checks.
The vulnerability exists due to incorrect authorization in executable approval handling when processing executions through an unregistered /usr/bin/time wrapper. A remote user can invoke an approved inner command via the wrapper to bypass executable authorization checks.
2) Resource exhaustion (CVE-ID: N/A)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in remote media HTTP error body handling when processing remote media error responses. A remote attacker can return an HTTP error response with a large body to cause a denial of service.
3) Path traversal (CVE-ID: CVE-2026-34510)
CWE-ID: CWE-40 - Path Traversal: \'\\\\UNC\\share\\name\\\' (Windows UNC Share)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to access unintended network-hosted files as local content.
The vulnerability exists due to path traversal through Windows UNC share handling in Windows local-media handling and local-file access validation when processing remote-host file URLs or UNC-style paths. A remote attacker can supply a specially crafted file URL or UNC path to access unintended network-hosted files as local content.
This issue affects Windows-specific handling of local media paths.
4) Authorization bypass through user-controlled key (CVE-ID: N/A)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect reply delivery to a different user.
The vulnerability exists due to improper identity resolution in the Synology Chat webhook handler when resolving reply recipients from usernames. A remote user can change or control a username match to redirect reply delivery to a different user.
Replies may be rebound to a mutable username match instead of the stable numeric user_id recorded by the webhook event.
5) Improper input validation (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to influence CLI routing.
The vulnerability exists due to improper endpoint validation in bonjour and DNS-SD discovery handling when processing TXT-only discovery metadata after service resolution fails. A remote attacker can advertise specially crafted discovery metadata to influence CLI routing.
The issue occurs when unresolved TXT host and port hints are used to choose the target despite failed service resolution.
6) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to trigger unauthorized computational work.
The vulnerability exists due to incorrect authorization in Nostr inbound DM handling when processing inbound direct messages. A remote attacker can send unauthorized direct messages to trigger unauthorized computational work.
The issue occurs because cryptographic and dispatch work is performed before sender and pairing policy enforcement.
7) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to retain privileged scopes without device identity.
The vulnerability exists due to improper access control in trusted-proxy Control UI session handling when processing sessions on the device-less allow path. A remote user can declare privileged scopes in a session to retain privileged scopes without device identity.
The issue affects trusted-proxy Control UI sessions that do not have device identity.
8) Improper Verification of Source of a Communication Channel (CVE-ID: N/A)
CWE-ID: CWE-940 - Improper Verification of Source of a Communication Channel
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary instructions in the app.
The vulnerability exists due to improper verification of source of a communication channel in the Android canvas WebView JavascriptInterface bridge when handling pages from untrusted origins. A remote attacker can load an attacker-controlled page that invokes the bridge to execute arbitrary instructions in the app.
9) Resource exhaustion (CVE-ID: N/A)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in the voice call webhook handler when processing webhook requests before provider signature checks. A remote attacker can send crafted webhook requests with oversized request bodies to cause a denial of service.
The issue is bounded by pre-auth body caps and occurs before signature verification.
10) External Control of System or Configuration Setting (CVE-ID: N/A)
CWE-ID: CWE-15 - External Control of System or Configuration Setting
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to alter environment settings for host command execution.
The vulnerability exists due to external control of system or configuration setting in gateway host exec environment override handling when processing environment override keys. A remote user can supply blocked or malformed override keys to alter environment settings for host command execution.
11) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform unauthorized queued node actions.
The vulnerability exists due to incorrect authorization in queued node action delivery when delivering previously queued actions after command policy changes. A remote user can queue an action before policy tightening and have it delivered later to perform unauthorized queued node actions.
12) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: N/A)
CWE-ID: CWE-807 - Reliance on Untrusted Inputs in a Security Decision
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to suppress dangerous-tool prompting.
The vulnerability exists due to reliance on untrusted inputs in a security decision in ACP permission resolution when processing conflicting tool identity hints from rawInput and metadata. A remote attacker can provide conflicting tool identity hints to suppress dangerous-tool prompting.
13) Improper Authorization (CVE-ID: N/A)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass DM access control.
The vulnerability exists due to improper authorization in Synology Chat webhook route ownership handling when processing multi-account configurations with shared webhook paths. A remote user can configure or trigger a duplicate webhook path to bypass DM access control.
The issue occurs when multiple account configurations collapse onto a shared webhook path, causing route ownership replacement and loss of per-account policy separation.
14) Improper Authorization (CVE-ID: N/A)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to send messages to controlled child sessions outside intended authorization scope.
The vulnerability exists due to improper authorization in the send action for subagent sessions when processing send requests from leaf subagents with a narrower controlScope than their children. A remote user can send a crafted message request to send messages to controlled child sessions outside intended authorization scope.
The issue affects leaf subagents that can use the send action against controlled child sessions despite a narrower controlScope.
15) Authentication Bypass by Spoofing (CVE-ID: N/A)
CWE-ID: CWE-290 - Authentication Bypass by Spoofing
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass authentication and rate limiting.
The vulnerability exists due to authentication bypass by spoofing in client origin resolution for canvas auth and auth-rate-limit paths when processing forwarding headers with trusted proxies configured. A remote attacker can send spoofed forwarding headers with loopback hops to bypass authentication and rate limiting.
Exploitation requires gateway.trustedProxies to be configured.
16) Permissive List of Allowed Inputs (CVE-ID: CVE-2026-41387)
CWE-ID: CWE-183 - Permissive List of Allowed Inputs
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute trojanized content.
The vulnerability exists due to permissive list of allowed inputs in src/infra/host-env-security-policy.json and src/infra/host-env-security.ts when processing package-manager and related environment override variables. A remote attacker can cause an approved exec request to use attacker-controlled infrastructure to execute trojanized content.
User interaction is required through an approved exec request, and the issue can redirect package resolution or runtime bootstrap to attacker-controlled infrastructure.
17) Improper access control (CVE-ID: CVE-2026-41353)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass profile restrictions.
The vulnerability exists due to improper access control in the node browser proxy allowProfiles mechanism when selecting profiles at runtime after persistent profile mutation. A remote user can modify profile state and select a runtime profile to bypass profile restrictions.
18) Improper privilege management (CVE-ID: CVE-2026-41386)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to improper privilege management in bootstrap setup code handling when pairing a device for first use. A remote attacker can use a setup code not bound to the intended device role and scopes to escalate privileges.
The issue occurs during first-use pairing.
19) Improper privilege management (CVE-ID: CVE-2026-35639)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to improper privilege management in device.pair.approve when approving a pending device request with requested operator scopes. A remote user can approve a pending device request for broader operator scopes than they hold to escalate privileges.
This can elevate a newly paired device into operator.admin, enabling access to node remote code execution capabilities.
20) Information disclosure (CVE-ID: CVE-2026-35644)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to exposure of sensitive information in gateway snapshot fields when returning data from config.get and channels.status. A remote user can read credential-bearing baseUrl and related endpoint fields to disclose sensitive information.
The issue affects read-scoped gateway snapshots and exposes credentials embedded in URL userinfo fields.
21) Incorrect authorization (CVE-ID: CVE-2026-35652)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform unauthorized sender actions.
The vulnerability exists due to incorrect authorization in Mattermost interactive callback dispatch in extensions/mattermost/src/mattermost/interactions.ts and callback authorization routing in extensions/mattermost/src/mattermost/monitor.ts when handling interactive callbacks. A remote user can send a crafted callback to perform unauthorized sender actions.
22) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-35624)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass room authorization.
The vulnerability exists due to authorization bypass through a user-controlled key in the Nextcloud Talk room allowlist authorization logic when matching room identities by collidable room names instead of stable room tokens. A remote user can use a similarly named room to bypass room authorization.
23) Improper access control (CVE-ID: CVE-2026-35622)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass webhook authentication.
The vulnerability exists due to improper access control in Google Chat app-url webhook verification when validating add-on principals. A remote attacker can send a webhook request using an add-on principal outside the intended deployment binding to bypass webhook authentication.
24) Incorrect authorization (CVE-ID: CVE-2026-35649)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass intended access revocation.
The vulnerability exists due to incorrect authorization in Tlon settings reconciliation when processing explicit empty allowlists. A remote user can configure an explicit empty allowlist to bypass intended access revocation.
25) Missing Authorization (CVE-ID: CVE-2026-35631)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform unauthorized mutating control-plane actions.
The vulnerability exists due to missing authorization in internal ACP chat commands when handling mutating internal ACP actions. A remote user can invoke crafted chat commands to perform unauthorized mutating control-plane actions.
The issue affects mutating commands that should have been restricted by the operator.admin scope separating read-only and mutating actions.
26) Incorrect authorization (CVE-ID: CVE-2026-35637)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to access content before authorization is completed.
The vulnerability exists due to incorrect authorization in the Tlon cite expansion handler when processing cite expansion in channels and direct messages. A remote user can trigger cite expansion before the final authorization decision to access content before authorization is completed.
Remediation
Install update from vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw
- https://github.com/advisories/GHSA-4qwc-c7g9-4xcw
- https://github.com/openclaw/openclaw/security/advisories/GHSA-h3x4-hc5v-v2gm
- https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf
- https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv
- https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv
- https://github.com/advisories/GHSA-65h8-27jh-q8wv
- https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg
- https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv
- https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg
- https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564
- https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj
- https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q
- https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w
- https://github.com/advisories/GHSA-x2cm-hg9c-mf5w
- https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4
- https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4
- https://github.com/openclaw/openclaw/commit/7abfff756d
- https://github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3
- https://github.com/openclaw/openclaw/commit/eac93507c36ccd0c359fba18fa466ef6448be8a5
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7
- https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9
- https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq
- https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4
- https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j
- https://github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7
- https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6
- https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8
- https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378
- https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf
- https://github.com/openclaw/openclaw/commit/229426a257e49694a59fa4e3895861d02a4d767f
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4