SB2026040836 - Multiple vulnerabilities in OpenClaw

Published: April 8, 2026

Security Bulletin ID: SB2026040836
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 25%, Medium: 50%, Low: 25%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2026-32980)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the standalone Telegram webhook listener in src/telegram/webhook.ts when handling POST requests before validating the x-telegram-bot-api-secret-token header. A remote attacker can send specially crafted webhook requests to cause a denial of service.

The server reads and buffers the request body and performs JSON parsing work before rejecting invalid requests.


2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2026-32982)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to insertion of sensitive information into log files in fetchRemoteMedia() in src/media/fetch.ts when handling failed inbound Telegram media downloads. A remote attacker can trigger a media fetch failure to disclose sensitive information.

The leaked information may be exposed through logs, console output, or other downstream error surfaces that render exception text.


3) OS Command Injection (CVE-ID: CVE-2026-32917)

The vulnerability allows a remote attacker to execute arbitrary commands on the configured remote host.

The vulnerability exists due to command injection in src/auto-reply/reply/stage-sandbox-media.ts when staging iMessage attachments over SCP using a sender-controlled remote attachment path. A remote attacker can send a specially crafted iMessage attachment filename containing shell metacharacters to execute arbitrary commands on the configured remote host.

Exploitation requires remote attachment staging to be enabled and ctx.MediaRemoteHost to be set.
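The following is an added illustration of the defensive pattern this issue calls for, not OpenClaw's own code: the sender-supplied attachment name is checked against a strict allow-list before it is placed in an scp argument vector, and scp is invoked with separate arguments rather than a shell command string. The host, directory names and the runner callback (standing in for child_process.spawn with no shell) are assumptions for the example.

```typescript
// Added example (not OpenClaw's code). Hardened staging of a sender-controlled
// iMessage attachment name over SCP.
//
// Two layers are needed. First, never build a shell command string from the
// name; pass an argv array to a shell-free runner. Second, validate the name
// itself: scp hands the remote path to the remote user's shell, so an argv
// array alone does not protect the remote host. The allow-list below rejects
// shell metacharacters, path separators, leading dashes (option injection) and
// the empty string.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$/;
const SAFE_HOST = /^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$/;

function isSafeAttachmentName(name: string): boolean {
  return SAFE_NAME.test(name);
}

// Builds the scp argument vector. Throws instead of "cleaning" unsafe input,
// so a rejected attachment is logged and dropped rather than staged.
function buildScpArgv(remoteHost: string, remoteDir: string, name: string, localDir: string): string[] {
  if (!SAFE_HOST.test(remoteHost)) {
    throw new Error("rejected remote host");
  }
  if (!isSafeAttachmentName(name)) {
    throw new Error(`rejected attachment name: ${JSON.stringify(name)}`);
  }
  // "--" ends option parsing; the allow-list already guarantees the source
  // path cannot begin with "-", but the terminator costs nothing.
  return ["scp", "-q", "--", `${remoteHost}:${remoteDir}/${name}`, `${localDir}/${name}`];
}

// Runner abstraction (hypothetical): in production this would be
// child_process.spawnSync(cmd, args) with shell left disabled, returning the
// exit status. Arguments are never joined into a single command string.
type Runner = (cmd: string, args: string[]) => number;

function stageAttachment(remoteHost: string, remoteDir: string, name: string, localDir: string, run: Runner): string {
  const argv = buildScpArgv(remoteHost, remoteDir, name, localDir);
  const status = run(argv[0], argv.slice(1));
  if (status !== 0) {
    throw new Error(`scp exited with status ${status}`);
  }
  return `${localDir}/${name}`;
}
```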


4) Improper privilege management (CVE-ID: CVE-2026-32987)

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to improper privilege management in bootstrap token verification in src/infra/device-bootstrap.ts when verifying bootstrap setup codes before pairing approval. A remote user can replay a valid bootstrap setup code to escalate privileges.

The issue can widen the scopes on a pending device pairing request before an approver finalizes the pairing, including escalation to operator.admin.


Remediation

Install update from vendor's website.