SB2026041790 - Multiple vulnerabilities in OpenClaw
Published: April 17, 2026
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Improper Authorization (CVE-ID: N/A)
The vulnerability allows a remote user to bypass authorization for Matrix room control commands.
The vulnerability exists due to improper access control in Matrix room control-command authorization when handling room traffic from senders learned from the Matrix DM pairing store. A remote user can send messages in a target Matrix room to bypass authorization for Matrix room control commands.
Exploitation requires a sender already present in the pairing store and able to send to the target Matrix room.
2) Path traversal (CVE-ID: N/A)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in webchat media embedding and the shared media resolver when processing crafted tool-result media references. A remote attacker can supply a crafted local or UNC-style file path to disclose sensitive information.
On affected Windows deployments, exploitation may also trigger network credential exposure through UNC or remote-host file path access.
3) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to continue using a revoked bearer token to authorize gateway requests.
The vulnerability exists due to improper access control in gateway HTTP and WebSocket handlers when processing authenticated requests after SecretRef rotation. A remote user can present a bearer token revoked by that rotation and continue to authorize gateway requests with it.
The issue affects the gateway HTTP and upgrade surfaces until the process is restarted.
4) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the QMD backend memory_get read path when handling workspace Markdown path requests. A remote user can supply a workspace Markdown path outside the canonical memory locations or indexed QMD result set to disclose sensitive information.
The issue is limited to Markdown files under the configured workspace root and requires the QMD backend to be enabled.
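The defensive check that closes issues 2 and 4 above, shown as an added illustration that is not OpenClaw's code: a caller-supplied file reference is rejected if it is UNC, drive-absolute or POSIX-absolute, is resolved lexically under a fixed root so `..` cannot escape it, and, for the memory read path, is additionally confined to Markdown files under the canonical directories. The workspace root, directory names and reference formats are constructed assumptions.

```python
"""Confine caller-supplied file references to allowed roots (added example, not OpenClaw code)."""
from pathlib import PurePosixPath, PureWindowsPath
from typing import Optional

# Constructed assumptions: a workspace root and the directories the memory reader may serve.
WORKSPACE_ROOT = "/srv/app/workspace"
CANONICAL_MEMORY_DIRS = ("memory", "notes")


def is_remote_or_absolute(ref: str) -> bool:
    """True for \\\\host\\share, //host/share, C:\\x, \\x and /x references.

    A UNC or remote-host path would make the resolver itself open a network
    connection, which is the credential-exposure route on Windows hosts.
    """
    win = PureWindowsPath(ref)
    if win.drive or win.root:
        return True
    return PurePosixPath(ref).is_absolute()


def resolve_under_root(ref: str, root: str) -> Optional[str]:
    """Join ref under root lexically; return None if it would leave the root."""
    if is_remote_or_absolute(ref):
        return None
    parts = []
    # Normalise separators and collapse '.' / '..' without touching the filesystem.
    for part in ref.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                return None  # traversal above the root
            parts.pop()
        else:
            parts.append(part)
    return str(PurePosixPath(root).joinpath(*parts))


def resolve_memory_markdown(ref: str, workspace_root: str = WORKSPACE_ROOT,
                            canonical=CANONICAL_MEMORY_DIRS) -> Optional[str]:
    """Memory read path: Markdown only, and only under a canonical memory directory."""
    resolved = resolve_under_root(ref, workspace_root)
    if resolved is None or not resolved.lower().endswith(".md"):
        return None
    rel = PurePosixPath(resolved).relative_to(workspace_root)
    if not rel.parts or rel.parts[0] not in canonical:
        return None  # a workspace Markdown file outside the canonical locations
    return resolved
```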
5) Improper Authentication (CVE-ID: N/A)
The vulnerability allows a remote attacker to reach command dispatch without proper authentication checks.
The vulnerability exists due to improper authentication in Feishu webhook mode and card-action lifecycle validation when handling webhook requests or malformed card-action callbacks. A remote attacker can send a specially crafted request to reach command dispatch without proper authentication checks.
Exploitation is possible in deployments using Feishu webhook mode without a configured encryptKey, or when malformed card-action callbacks with blank callback tokens are processed.
Remediation
Install the update from the vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892
- https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc