SB2026040833 - Multiple vulnerabilities in OpenClaw




Published: April 8, 2026

Security Bulletin ID: SB2026040833
Severity: High
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 7%, Medium: 47%, Low: 47%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to bypass executable authorization checks.

The vulnerability exists due to incorrect authorization in executable approval handling when processing executions through an unregistered /usr/bin/time wrapper. A remote user can invoke an approved inner command via the wrapper to bypass executable authorization checks.


2) Resource exhaustion (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in remote media HTTP error body handling when processing remote media error responses. A remote attacker can return an HTTP error response with a large body to cause a denial of service.


3) Path traversal (CVE-ID: CVE-2026-34510)

The vulnerability allows a remote attacker to access unintended network-hosted files as local content.

The vulnerability exists due to path traversal through Windows UNC share handling in Windows local-media handling and local-file access validation when processing remote-host file URLs or UNC-style paths. A remote attacker can supply a specially crafted file URL or UNC path to access unintended network-hosted files as local content.

This issue affects Windows-specific handling of local media paths.
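
The check below is an added example, not OpenClaw code: it shows one way to refuse the path forms described above (file URLs that name a host, and UNC-style paths in either separator or percent-encoded form) before treating input as local media. The function name, return shape and sample paths are assumptions made for illustration.

```javascript
// Added illustration: checkLocalMediaPath is a hypothetical helper, not OpenClaw code.
// It accepts only paths that stay on the local machine and rejects anything
// Windows would resolve over the network (UNC shares, file URLs with a host).
function checkLocalMediaPath(input) {
  let path = String(input);

  if (/^file:/i.test(path)) {
    let url;
    try {
      url = new URL(path);
    } catch {
      return { ok: false, reason: 'unparseable file URL' };
    }
    // file://fileserver/share/x names a remote host; only an empty host is local.
    if (url.hostname !== '') {
      return { ok: false, reason: 'file URL with remote host' };
    }
    try {
      // Decode before checking so %5C%5Cserver cannot hide a UNC prefix.
      path = decodeURIComponent(url.pathname);
    } catch {
      return { ok: false, reason: 'malformed percent-encoding' };
    }
    // file:///C:/x parses to /C:/x; drop the slash in front of the drive letter.
    path = path.replace(/^\/([A-Za-z]:)/, '$1');
  }

  // Windows accepts both separators, so compare on one canonical form.
  const normalized = path.replace(/\\/g, '/');

  // Two or more leading separators mean UNC or device namespace
  // (\\server\share, \\?\UNC\server\share, \\.\pipe\x). Rejecting the
  // whole family is conservative: \\?\C:\ is local but is refused too.
  if (/^\/{2,}/.test(normalized)) {
    return { ok: false, reason: 'UNC or device path' };
  }
  return { ok: true, path: normalized };
}

// Constructed sample inputs.
for (const s of ['C:\\media\\clip.mp4', '\\\\fileserver\\share\\clip.mp4',
                 'file://fileserver/share/clip.mp4']) {
  console.log(s, '->', JSON.stringify(checkLocalMediaPath(s)));
}
```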


4) Authorization bypass through user-controlled key (CVE-ID: N/A)

The vulnerability allows a remote user to redirect reply delivery to a different user.

The vulnerability exists due to improper identity resolution in the Synology Chat webhook handler when resolving reply recipients from usernames. A remote user can change or control a username match to redirect reply delivery to a different user.

Replies may be rebound to a mutable username match instead of the stable numeric user_id recorded by the webhook event.


5) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to influence CLI routing.

The vulnerability exists due to improper endpoint validation in bonjour and DNS-SD discovery handling when processing TXT-only discovery metadata after service resolution fails. A remote attacker can advertise specially crafted discovery metadata to influence CLI routing.

The issue occurs when unresolved TXT host and port hints are used to choose the target despite failed service resolution.


6) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote attacker to trigger unauthorized computational work.

The vulnerability exists due to incorrect authorization in Nostr inbound DM handling when processing inbound direct messages. A remote attacker can send unauthorized direct messages to trigger unauthorized computational work.

The issue occurs because cryptographic and dispatch work is performed before sender and pairing policy enforcement.


7) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to retain privileged scopes without device identity.

The vulnerability exists due to improper access control in trusted-proxy Control UI session handling when processing sessions on the device-less allow path. A remote user can declare privileged scopes in a session to retain privileged scopes without device identity.

The issue affects trusted-proxy Control UI sessions that do not have device identity.


8) Improper Verification of Source of a Communication Channel (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary instructions in the app.

The vulnerability exists due to improper verification of source of a communication channel in the Android canvas WebView JavascriptInterface bridge when handling pages from untrusted origins. A remote attacker can load an attacker-controlled page that invokes the bridge to execute arbitrary instructions in the app.


9) Resource exhaustion (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the voice call webhook handler when processing webhook requests before provider signature checks. A remote attacker can send crafted webhook requests with oversized request bodies to cause a denial of service.

The issue is bounded by pre-auth body caps and occurs before signature verification.


10) External Control of System or Configuration Setting (CVE-ID: N/A)

The vulnerability allows a remote user to alter environment settings for host command execution.

The vulnerability exists due to external control of system or configuration setting in gateway host exec environment override handling when processing environment override keys. A remote user can supply blocked or malformed override keys to alter environment settings for host command execution.
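
As an added example (not OpenClaw code), the validator below rejects an override request as a whole when any key is malformed or blocked, instead of silently dropping the bad key. The denylist entries, function names and return shape are constructed for illustration; the bulletin does not list the keys the gateway blocks.

```javascript
// Added illustration: hypothetical validator for host exec env overrides.
// Constructed denylist; the real blocked-key list is not given in the bulletin.
const BLOCKED_EXACT = new Set(['PATH', 'NODE_OPTIONS', 'BASH_ENV', 'ENV', 'IFS']);
const BLOCKED_PREFIXES = ['LD_', 'DYLD_'];
// A well-formed key: no '=', whitespace, NUL or other punctuation.
const KEY_SHAPE = /^[A-Za-z_][A-Za-z0-9_]*$/;

function rejectReason(key) {
  if (typeof key !== 'string' || !KEY_SHAPE.test(key)) return 'malformed';
  // Compare case-insensitively: Windows treats Path and PATH as one variable.
  const upper = key.toUpperCase();
  if (BLOCKED_EXACT.has(upper)) return 'blocked';
  if (BLOCKED_PREFIXES.some((p) => upper.startsWith(p))) return 'blocked';
  return null;
}

function applyEnvOverrides(baseEnv, overrides) {
  const rejected = [];
  for (const [key, value] of Object.entries(overrides)) {
    const reason = rejectReason(key);
    if (reason) {
      rejected.push({ key, reason });
    } else if (typeof value !== 'string' || value.includes('\0')) {
      rejected.push({ key, reason: 'bad value' });
    }
  }
  // Fail closed: one bad key refuses the request, no partial environment.
  if (rejected.length > 0) return { ok: false, rejected };
  return { ok: true, env: { ...baseEnv, ...overrides } };
}

// Constructed sample requests.
console.log(applyEnvOverrides({ HOME: '/home/a' }, { LANG: 'C' }));
console.log(applyEnvOverrides({}, { LANG: 'C', ld_preload: 'x' }));
console.log(applyEnvOverrides({}, { 'FOO=BAR': 'x' }));
```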


11) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to perform unauthorized queued node actions.

The vulnerability exists due to incorrect authorization in queued node action delivery when delivering previously queued actions after command policy changes. A remote user can queue an action before policy tightening and have it delivered later to perform unauthorized queued node actions.


12) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: N/A)

The vulnerability allows a remote attacker to suppress dangerous-tool prompting.

The vulnerability exists due to reliance on untrusted inputs in a security decision in ACP permission resolution when processing conflicting tool identity hints from rawInput and metadata. A remote attacker can provide conflicting tool identity hints to suppress dangerous-tool prompting.


13) Improper Authorization (CVE-ID: N/A)

The vulnerability allows a remote user to bypass DM access control.

The vulnerability exists due to improper authorization in Synology Chat webhook route ownership handling when processing multi-account configurations with shared webhook paths. A remote user can configure or trigger a duplicate webhook path to bypass DM access control.

The issue occurs when multiple account configurations collapse onto a shared webhook path, causing route ownership replacement and loss of per-account policy separation.


14) Improper Authorization (CVE-ID: N/A)

The vulnerability allows a remote user to send messages to controlled child sessions outside intended authorization scope.

The vulnerability exists due to improper authorization in the send action for subagent sessions when processing send requests from leaf subagents with a narrower controlScope than their children. A remote user can send a crafted message request to send messages to controlled child sessions outside intended authorization scope.

The issue affects leaf subagents that can use the send action against controlled child sessions despite a narrower controlScope.


15) Authentication Bypass by Spoofing (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass authentication and rate limiting.

The vulnerability exists due to authentication bypass by spoofing in client origin resolution for canvas auth and auth-rate-limit paths when processing forwarding headers with trusted proxies configured. A remote attacker can send spoofed forwarding headers with loopback hops to bypass authentication and rate limiting.

Exploitation requires gateway.trustedProxies to be configured.
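
The resolver below is an added example, not OpenClaw code: it shows client origin resolution in which a loopback address appearing in a forwarding header never earns local treatment. It assumes an X-Forwarded-For style header and a trustedProxies list of exact IP addresses; the function names and sample addresses are constructed.

```javascript
// Added illustration: resolveClient is a hypothetical helper, not OpenClaw code.
// trustedProxies stands in for the gateway.trustedProxies setting (exact IPs only).
function normalizeIp(ip) {
  // Fold IPv4-mapped IPv6 (::ffff:10.0.0.5) onto the plain IPv4 form.
  return String(ip || '').trim().toLowerCase().replace(/^::ffff:/, '');
}

function isLoopback(ip) {
  return ip === '::1' || /^127\./.test(ip);
}

function resolveClient(remoteAddr, xForwardedFor, trustedProxies) {
  const trusted = new Set(trustedProxies.map(normalizeIp));
  const peer = normalizeIp(remoteAddr);
  const hops = String(xForwardedFor || '')
    .split(',').map(normalizeIp).filter(Boolean);

  // Loopback privileges come from the socket only, never from a header:
  // the peer must be loopback and the request must carry no forwarding chain.
  const local = isLoopback(peer) && hops.length === 0;

  // A peer that is not a configured proxy gets no say via headers.
  if (!trusted.has(peer)) return { clientIp: peer, local };

  // Each trusted proxy appends the address it saw, so walk right to left
  // and stop at the first hop that is not one of our proxies. Entries to
  // the left of it are client-supplied and are ignored.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trusted.has(hops[i])) return { clientIp: hops[i], local: false };
  }
  // Chain empty or made only of proxy addresses: key on the peer itself.
  return { clientIp: peer, local };
}

// Constructed requests: spoofed loopback hop in front of the real client.
console.log(resolveClient('10.0.0.5', '127.0.0.1, 203.0.113.9', ['10.0.0.5']));
console.log(resolveClient('10.0.0.5', '127.0.0.1', ['10.0.0.5']));
console.log(resolveClient('127.0.0.1', '127.0.0.1', ['127.0.0.1']));
```

The returned clientIp is the key for rate limiting, and only local decides whether any loopback exemption applies.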


Remediation

Install the update from the vendor's website.