SB2026040842 - Multiple vulnerabilities in OpenClaw



SB2026040842 - Multiple vulnerabilities in OpenClaw

Published: April 8, 2026

Security Bulletin ID SB2026040842
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2026-32041)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local user to access browser-control routes without authentication.

The vulnerability exists due to missing authentication for critical function in browser-control routes when browser control starts without explicit auth credentials and automatic auth bootstrap fails. A local user can access exposed browser-control routes to access browser-control routes without authentication.

A loopback-reachable SSRF path may also reach the exposed routes.


2) Resource exhaustion (CVE-ID: CVE-2026-28461)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the Zalo webhook endpoint when handling unauthenticated requests with varying query strings on the same valid webhook route. A remote attacker can send repeated requests with churned query-string keys to cause a denial of service.

The issue can lead to memory pressure, process instability, or out-of-memory conditions.


3) Incorrect authorization (CVE-ID: CVE-2026-32051)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to perform control-plane actions beyond intended write scope.

The vulnerability exists due to incorrect authorization in owner-only tool surfaces accessed through agent runs when processing authenticated agent execution requests in scoped-token deployments. A remote user can invoke owner-only tool surfaces through agent runs to perform control-plane actions beyond intended write scope.

Only scoped-token deployments are vulnerable.


4) Improper Handling of Unicode Encoding (CVE-ID: N/A)

CWE-ID: CWE-176 - Improper Handling of Unicode Encoding

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass command policy restrictions.

The vulnerability exists due to improper handling of unicode encoding in node metadata policy classification when processing paired node metadata. A remote user can supply unicode-confusable platform or deviceFamily metadata to bypass command policy restrictions.

The issue occurs within the paired-node trust boundary and can broaden default node command allowlists.


5) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-31997)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute a different executable than the operator approved.

The vulnerability exists due to a time-of-check time-of-use race condition in node system.run approvals when resolving non-path-like argv[0] PATH tokens for host=node runs. A remote user can change PATH resolution after approval to execute a different executable than the operator approved.

The issue affects previously approved actions that use non-path-like command tokens such as tr.


6) Improper privilege management (CVE-ID: CVE-2026-32048)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to escape sandbox restrictions.

The vulnerability exists due to improper privilege management in sessions_spawn when creating cross-agent child sessions. A remote user can spawn a child under an agent configured with sandbox.mode="off" to escape sandbox restrictions.

Exploitation requires a mixed-agent setup that allows cross-agent spawning.


7) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to time-of-check time-of-use race condition in sandbox media handling when processing media attachment and image paths. A remote attacker can retarget a symlink between path validation and file read to disclose sensitive information.

The issue can cause file reads outside sandboxRoot.


8) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to create or truncate files outside the configured root boundaries.

The vulnerability exists due to time-of-check time-of-use race condition in writeFileWithinRoot when handling an attacker-controlled path alias during file write operations. A local user can retarget a symlink between resolution and write operations to create or truncate files outside the configured root boundaries.


9) Incorrect authorization (CVE-ID: N/A)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disrupt active sessions.

The vulnerability exists due to improper access control in stop-like natural-language abort triggers when handling sender messages. A remote attacker can send unauthorized stop-like trigger messages to disrupt active sessions.


10) Incorrect authorization (CVE-ID: N/A)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose model and authentication metadata.

The vulnerability exists due to improper access control in the /models command when processing command requests. A remote attacker can invoke the /models command to disclose model and authentication metadata.


11) OS Command Injection (CVE-ID: CVE-2026-31999)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute unintended commands.

The vulnerability exists due to command injection in ACPX Windows wrapper resolution when resolving .cmd/.bat wrappers through shell fallback on Windows ACPX paths. A remote attacker can influence the current working directory to alter execution behavior and execute unintended commands.

Only affected Windows ACPX configurations are vulnerable.


12) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-31989)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to trigger internal-network requests.

The vulnerability exists due to server-side request forgery (SSRF) in web_search citation redirect resolution when processing citation URL redirects. A remote attacker can supply a citation redirect target to trigger internal-network requests.


Remediation

Install update from vendor's website.