SB2026041789 - Multiple vulnerabilities in OpenClaw
Published: April 17, 2026
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Input validation error (CVE-ID: N/A)
The vulnerability allows a remote user to access host-local media references through a channel action path that expected normalized media.
The vulnerability exists due to improper input validation in Discord eventCreate.image handling when processing Discord event cover image parameters. A remote user can supply crafted event cover image parameters to access host-local media references through a channel action path that expected normalized media.
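The defensive counterpart to issue 1 is to normalize any externally supplied media reference against a scheme allow-list before it reaches a code path that can read the host filesystem. The block below is an added illustration, not OpenClaw's code and not taken from the linked advisories; normalizeMediaRef, ALLOWED_PROTOCOLS, MAX_REF_LENGTH and the constructed sample inputs are assumptions. It relies only on the WHATWG URL parser built into Node.

```javascript
// Added example: allow-list normalization for externally supplied media
// references. Not OpenClaw's code; the function, the cap and the policy it
// encodes are illustrative assumptions. Only absolute http(s) URLs survive;
// file: URLs, data: URLs, bare POSIX paths, Windows drive paths and UNC paths
// are rejected before the reference can reach a host-filesystem read path.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const MAX_REF_LENGTH = 2048; // illustrative cap on reference length

function normalizeMediaRef(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > MAX_REF_LENGTH) {
    return { ok: false, reason: 'empty, non-string or oversized reference' };
  }
  // The WHATWG URL parser silently strips tabs, newlines and leading/trailing
  // C0 controls; rejecting them up front keeps a single canonical form.
  if (/[\u0000-\u0020\u007f]/.test(input)) {
    return { ok: false, reason: 'control characters or whitespace in reference' };
  }
  let url;
  try {
    url = new URL(input); // no base URL: relative paths and UNC paths throw here
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  // "C:\Users\..." parses with protocol "c:", "file:///etc/passwd" with
  // "file:"; both fall to the scheme allow-list below.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials embedded in URL' };
  }
  if (!url.hostname) {
    return { ok: false, reason: 'missing host' };
  }
  url.hash = ''; // fragments are never sent to the server; drop them
  return { ok: true, url: url.href };
}

// Constructed inputs of the kinds a cover-image parameter could carry.
const SAMPLE_REFS = [
  'https://cdn.example.com/cover.png#preview',
  'file:///etc/passwd',
  '/var/lib/app/media/cover.png',
  'C:\\Users\\me\\cover.png',
  '\\\\fileserver\\share\\cover.png',
  'data:image/png;base64,iVBORw0KGgo=',
];

// Runs every sample through the normalizer and returns the verdicts.
function auditSampleRefs(refs = SAMPLE_REFS) {
  return refs.map((ref) => ({ ref, ...normalizeMediaRef(ref) }));
}
```

Of the six constructed samples only the https URL is accepted. Host-level checks (loopback, private ranges, DNS pinning) are a separate step that the caller applies to the accepted URL's hostname; this function deliberately stops at scheme and shape so that each rule stays testable on its own.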
2) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to bypass SSRF policy enforcement.
The vulnerability exists due to improper access control in existing-session browser interaction and navigation routes when handling existing-session browser interactions. A remote user can use existing-session browser routes to continue interacting with or navigating targets to bypass SSRF policy enforcement.
3) Improper privilege management (CVE-ID: N/A)
The vulnerability allows a local user to retain execution in a more privileged context than intended.
The vulnerability exists due to improper privilege management in heartbeat owner-downgrade detection when processing local background exec completion events. A local user can supply untrusted completion content to retain execution in a more privileged context than intended.
The issue occurs because local async exec completion text could be missed by the detection logic.
4) Input validation error (CVE-ID: N/A)
The vulnerability allows a remote attacker to inject untrusted input into trusted system event context.
The vulnerability exists due to improper input validation in agent hook event dispatch when processing externally supplied hook metadata. A remote attacker can supply crafted hook metadata to inject untrusted input into trusted system event context.
5) Input validation error (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform server-side request forgery.
The vulnerability exists due to improper input validation in browser hostname validation when processing hostname navigation under restrictive policy. A remote attacker can use DNS rebinding to bypass hostname/IP resolution checks to perform server-side request forgery.
The issue occurs because the validated hostname or IP resolution can differ from the address ultimately used by Chromium.
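Issues 2 and 5 share one requirement: every navigation target, whichever route triggers it, must be checked against the same address policy, and the address that was checked must be the address actually connected to. The block below is an added illustration of that pattern, not OpenClaw's code and not taken from the linked advisories; DENIED_IPV4, the IPv6 rules, classifyAddress and pinNavigationTarget are assumptions. It takes the full set of addresses the caller already resolved (for instance with dns.promises.lookup(host, { all: true })) and returns a single pinned address, so no second lookup happens between the check and the connection.

```javascript
// Added example: address classification and pinning for navigation targets.
// Not OpenClaw's code; the deny-list and function names are illustrative.
// The caller resolves once, passes every returned address here, and then
// connects to the pinned address (sending the original hostname in the Host
// header or SNI). Letting the browser resolve again reopens the rebinding
// window, because the second answer may differ from the one that was checked.

// IPv4 ranges that must never be a navigation target (illustrative list;
// a production deny-list should also cover NAT64 and similar translations).
const DENIED_IPV4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];

function parseIPv4(s) {
  // Strict dotted-decimal only: octal, hex and shorthand forms such as
  // 0177.0.0.1 or 2130706433 are reported as invalid and so fail closed.
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((x) => x <= 255) ? octets : null;
}

function ipv4ToInt(o) {
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function ipv4InCidr(octets, [network, bits]) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(octets) & mask) >>> 0) === ((ipv4ToInt(parseIPv4(network)) & mask) >>> 0);
}

function isDeniedIPv4(octets) {
  return DENIED_IPV4.some((cidr) => ipv4InCidr(octets, cidr));
}

// Expands textual IPv6 into eight 16-bit groups, folding an embedded IPv4
// tail (::ffff:10.0.0.1) and dropping any zone id (%eth0).
function parseIPv6(input) {
  let s = input.split('%')[0].toLowerCase();
  const lastColon = s.lastIndexOf(':');
  if (lastColon !== -1 && s.slice(lastColon + 1).includes('.')) {
    const v4 = parseIPv4(s.slice(lastColon + 1));
    if (!v4) return null;
    s = `${s.slice(0, lastColon + 1)}${((v4[0] << 8) | v4[1]).toString(16)}:${((v4[2] << 8) | v4[3]).toString(16)}`;
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...head, ...(halves.length === 2 ? new Array(missing).fill('0') : []), ...tail];
  const out = [];
  for (const g of groups) {
    if (!/^[0-9a-f]{1,4}$/.test(g)) return null;
    out.push(parseInt(g, 16));
  }
  return out;
}

function isDeniedIPv6(g) {
  if ((g[0] & 0xffc0) === 0xfe80) return true; // link-local fe80::/10
  if ((g[0] & 0xfe00) === 0xfc00) return true; // unique local fc00::/7
  if ((g[0] & 0xff00) === 0xff00) return true; // multicast ff00::/8
  // ::, ::1, ::ffff:a.b.c.d and the deprecated ::a.b.c.d all carry an
  // IPv4-sized value in the last 32 bits; reuse the IPv4 rules for it.
  if (g.slice(0, 5).every((x) => x === 0) && (g[5] === 0 || g[5] === 0xffff)) {
    return isDeniedIPv4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff]);
  }
  return false;
}

// 'allowed' | 'denied' | 'invalid'; anything but 'allowed' is a refusal.
function classifyAddress(addr) {
  const v4 = parseIPv4(addr);
  if (v4) return isDeniedIPv4(v4) ? 'denied' : 'allowed';
  const v6 = parseIPv6(addr);
  if (v6) return isDeniedIPv6(v6) ? 'denied' : 'allowed';
  return 'invalid';
}

function pinNavigationTarget(hostname, resolvedAddresses) {
  const literal = hostname.replace(/^\[|\]$/g, ''); // URL hostnames wrap IPv6 in brackets
  const candidates = classifyAddress(literal) !== 'invalid' ? [literal] : resolvedAddresses;
  if (!candidates || candidates.length === 0) return { ok: false, reason: 'hostname did not resolve' };
  // Every answer must pass: a name that returns both a public and a private
  // address, or alternates between them, is refused outright.
  for (const address of candidates) {
    const verdict = classifyAddress(address);
    if (verdict !== 'allowed') return { ok: false, reason: `${address} is ${verdict}` };
  }
  return { ok: true, hostname, address: candidates[0] };
}
```

Applying pinNavigationTarget inside the interaction route as well as the navigate route is what closes the gap described in issue 2: the policy is attached to the act of navigating, not to the route that happened to trigger it.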
6) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the outbound host-media attachment read helper when loading host-media attachments. A remote user can trigger host-media attachment loading to disclose sensitive information.
Only deployments that allow host read or filesystem root expansion at the global or agent level and rely on sender- or group-scoped policy to deny read for some channel participants are affected.
7) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to access an interactive browser session surface.
The vulnerability exists due to improper access control in the sandbox noVNC helper route when handling requests without the intended bridge authentication. A remote attacker can reach the helper route to access an interactive browser session surface.
8) Allocation of Resources Without Limits or Throttling (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the voice-call realtime WebSocket path when handling oversized WebSocket frames. A remote attacker can send oversized WebSocket frames to cause a denial of service.
Only deployments exposing that webhook path are vulnerable.
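The fix for issue 8 is to enforce a payload cap from the frame header alone, before any payload bytes are buffered. The block below is an added illustration of that check for RFC 6455 frames, not OpenClaw's code and not taken from the linked advisories; MAX_PAYLOAD_BYTES, readFrameHeader and the encodeFrameHeader helper used to build constructed frames are assumptions. It needs no library: the same logic is what a WebSocket implementation runs (the ws package exposes it as a maxPayload option) before allocating anything for the frame.

```javascript
// Added example: payload-size enforcement from the WebSocket frame header
// (RFC 6455 section 5.2) before any payload is buffered. Not OpenClaw's code;
// the limit and function names are illustrative assumptions.
const MAX_PAYLOAD_BYTES = 1 << 20; // 1 MiB; size this to the real traffic

function readFrameHeader(bytes, maxPayload = MAX_PAYLOAD_BYTES) {
  if (bytes.length < 2) return { ok: false, reason: 'incomplete header' };
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const fin = (bytes[0] & 0x80) !== 0;
  const opcode = bytes[0] & 0x0f;
  const masked = (bytes[1] & 0x80) !== 0;
  let length = bytes[1] & 0x7f;
  let offset = 2;
  if ((bytes[0] & 0x70) !== 0) {
    return { ok: false, reason: 'RSV bits set but no extension negotiated' };
  }
  if (length === 126) {
    if (bytes.length < 4) return { ok: false, reason: 'incomplete header' };
    length = view.getUint16(2);
    offset = 4;
    if (length < 126) return { ok: false, reason: 'non-minimal length encoding' };
  } else if (length === 127) {
    if (bytes.length < 10) return { ok: false, reason: 'incomplete header' };
    const hi = view.getUint32(2);
    const lo = view.getUint32(6);
    if (hi >= 0x80000000) return { ok: false, reason: 'most significant bit of 64-bit length set' };
    length = hi * 4294967296 + lo; // exact up to 2^53, far beyond any sane limit
    offset = 10;
    if (length < 65536) return { ok: false, reason: 'non-minimal length encoding' };
  }
  // Control frames (close/ping/pong) must be short and unfragmented.
  if (opcode >= 8 && (length > 125 || !fin)) {
    return { ok: false, reason: 'control frame too large or fragmented' };
  }
  // The limit is applied here, on header bytes only: nothing has been
  // allocated for the payload, so an oversized frame costs at most 14 bytes
  // of buffering before the connection can be closed.
  if (length > maxPayload) return { ok: false, reason: 'payload exceeds limit' };
  if (masked) offset += 4; // 32-bit masking key follows the length
  return { ok: true, fin, opcode, masked, payloadLength: length, headerLength: offset };
}

// Builds a frame header (no payload) so the check can be exercised offline.
// Constructed for this example; real clients use a random masking key.
function encodeFrameHeader(opcode, payloadLength, masked = true, fin = true) {
  const first = (fin ? 0x80 : 0) | (opcode & 0x0f);
  const maskBit = masked ? 0x80 : 0;
  let lengthBytes;
  if (payloadLength < 126) {
    lengthBytes = [maskBit | payloadLength];
  } else if (payloadLength < 65536) {
    lengthBytes = [maskBit | 126, payloadLength >>> 8, payloadLength & 0xff];
  } else {
    const hi = Math.floor(payloadLength / 4294967296);
    const lo = payloadLength % 4294967296;
    lengthBytes = [maskBit | 127,
      (hi >>> 24) & 0xff, (hi >>> 16) & 0xff, (hi >>> 8) & 0xff, hi & 0xff,
      (lo >>> 24) & 0xff, (lo >>> 16) & 0xff, (lo >>> 8) & 0xff, lo & 0xff];
  }
  const maskKey = masked ? [0, 0, 0, 0] : [];
  return Uint8Array.from([first, ...lengthBytes, ...maskKey]);
}
```

A server that applies this check also closes the connection with status 1009 (message too big) rather than silently dropping the frame, which makes the condition visible in logs; the same per-message cap should be applied across continuation frames, since fragments that each pass the limit can still add up to an oversized message.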
9) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to bypass sandbox routing boundaries.
The vulnerability exists due to improper access control in exec routing when processing a host override of node from a sandboxed agent. A remote user can request host: "node" to bypass sandbox routing boundaries.
10) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote attacker to trigger server-side request forgery policy bypass.
The vulnerability exists due to improper access control in browser press/type interaction routes when triggering navigation-capable interactions. A remote attacker can cause pressKey or type submit flows to initiate navigation to trigger server-side request forgery policy bypass.
Remediation
Install the update from the vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh
- https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79
- https://github.com/advisories/GHSA-527m-976r-jf79
- https://github.com/openclaw/openclaw/security/advisories/GHSA-g375-h3v6-4873
- https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj
- https://github.com/openclaw/openclaw/security/advisories/GHSA-jhpv-5j76-m56h
- https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vw3h-q6xq-jjm5
- https://github.com/advisories/GHSA-vw3h-q6xq-jjm5
- https://github.com/openclaw/openclaw/security/advisories/GHSA-736r-jwj6-4w23
- https://github.com/advisories/GHSA-736r-jwj6-4w23
- https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h