SB20260423149 - Multiple vulnerabilities in OpenClaw

Published: April 23, 2026
Updated: May 29, 2026

Security Bulletin ID: SB20260423149
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 67%
Medium: 33%

Description

This security bulletin contains information about 9 vulnerabilities.


1) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in the Control UI bootstrap config endpoint when handling requests while Gateway authentication is enabled. A remote attacker can send an unauthenticated request to disclose sensitive information.

Only deployments with Gateway authentication enabled are affected.


2) Externally Controlled Reference to a Resource in Another Sphere (CVE-ID: N/A)

CWE-ID: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to redirect runtime traffic to an unintended endpoint.

The vulnerability exists because connector endpoint host configuration accepts externally controlled values loaded from workspace dotenv files. A remote user can set connector endpoint variables in a workspace .env file to redirect runtime traffic to an unintended endpoint.

The issue affects Matrix, Mattermost, IRC, and Synology-related connectors, including per-account Matrix homeserver suffixes and generic base-url or API-host style overrides.


3) Input validation error (CVE-ID: N/A)

CWE-ID: CWE-20 - Improper Input Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass exec allowlist analysis.

The vulnerability exists due to improper input validation in the exec command analyzer when processing allowlisted commands containing unquoted heredocs. A remote user can supply an allowlisted command with shell expansion hidden in the heredoc body to bypass exec allowlist analysis.
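How an exec analyzer can account for the heredoc case described above, as an added example written for this bulletin and not OpenClaw's own code: a quoted heredoc delimiter makes the body literal, while an unquoted one leaves parameter and command expansion live in the body, so the check refuses an otherwise allowlisted command whose unquoted heredoc body contains expansion syntax. The first-word allowlist, the function names and the regexes are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Heredoc operator and delimiter (here-strings '<<<' excluded). A delimiter written 'EOF', "EOF"
# or \EOF makes the shell take the body literally; a bare one leaves $VAR, ${VAR}, $(cmd),
# `cmd` and $((expr)) live in the body. Hypothetical regexes written for this example.
_HEREDOC_RE = re.compile(r"(?<!<)<<(?!<)(?P<dash>-?)\s*(?P<q>['\"\\]?)(?P<delim>\w+)")
_EXPANSION_RE = re.compile(r"\$[\w@#?*!$({-]|`")

@dataclass
class Heredoc:
    delimiter: str
    quoted: bool
    body: str

    @property
    def expands(self) -> bool:  # body text the shell would still interpret at run time
        return not self.quoted and _EXPANSION_RE.search(self.body) is not None

def find_heredocs(command: str) -> list[Heredoc]:
    """Pair each heredoc operator with the body lines that follow it, in shell order."""
    found: list[Heredoc] = []
    pending: list[tuple[str, bool, bool]] = []  # (delimiter, quoted, strip_tabs) awaiting a body
    current, body = None, []
    for line in command.split("\n"):
        if current is not None:  # inside a body: look only for the terminator
            delim, quoted, strip_tabs = current
            if (line.lstrip("\t") if strip_tabs else line) == delim:
                found.append(Heredoc(delim, quoted, "\n".join(body)))
                current, body = (pending.pop(0) if pending else None), []
            else:
                body.append(line)
            continue
        for m in _HEREDOC_RE.finditer(line):
            pending.append((m["delim"], bool(m["q"]), m["dash"] == "-"))
        if pending:
            current = pending.pop(0)
    if current is not None:  # unterminated heredoc: the rest of the command is its body
        found.append(Heredoc(current[0], current[1], "\n".join(body)))
    return found

def allowlist_decision(command: str, allowed: frozenset[str]) -> tuple[bool, str]:
    """First-word allowlist that also refuses a heredoc body the shell would expand."""
    first = command.split(None, 1)[0] if command.strip() else ""
    if first not in allowed:
        return False, f"{first!r} is not allowlisted"
    for h in find_heredocs(command):
        if h.expands:
            return False, f"heredoc <<{h.delimiter} is unquoted and its body contains shell expansion"
    return True, "ok"
```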


4) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass owner-only access controls.

The vulnerability exists due to improper access control in the MCP loopback path when handling requests with spoofed owner-context metadata in request headers. A remote user can send a specially crafted request with spoofed owner-context metadata to bypass owner-only access controls.


5) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to write files outside the intended sandbox mount root.

The vulnerability exists due to a time-of-check time-of-use race condition in the OpenShell filesystem bridge write path when handling filesystem writes. A local user who swaps in a symlink between the check and the write can write files outside the intended sandbox mount root.


6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a time-of-check time-of-use race condition in the OpenShell sandbox filesystem read bridge when handling filesystem read operations. A remote attacker who swaps in a symlink between the check and the read can cause bytes outside the intended mount root to be read and disclose sensitive information.


7) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass subagent security envelope constraints.

The vulnerability exists due to improper access control in ACP child session handling when spawning an ACP child session from a restricted subagent. A remote user can spawn a child session to bypass subagent security envelope constraints.

The issue affects subagent-only constraints such as depth, child-count limits, control scope, and target-agent restrictions.


8) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform server-side request forgery.

The vulnerability exists due to insufficient destination validation when the Zalo plugin handles an attacker-controlled outbound photo URL for the Zalo Bot API. A remote attacker can supply a crafted outbound photo URL to perform server-side request forgery.


9) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to continue delivering webhook events after secret rotation.

The vulnerability exists due to improper access control in Slack and Zalo webhook secret validation when processing webhook requests after secrets.reload. A remote user can send requests using a previously valid webhook secret to continue delivering webhook events after secret rotation.

Only configurations with the affected feature enabled and reachable are vulnerable, and exploitation is limited to the stale-secret window after secret reload.


Remediation

Install the update from the vendor's website.