SB2026050453 - Multiple vulnerabilities in OpenClaw
Published: May 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2026-27576)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause reduced responsiveness and increased resource consumption.
The vulnerability exists due to improper input validation in the local stdio ACP bridge when processing very large prompt text blocks. A local user can submit unusually large inputs to cause reduced responsiveness and increased resource consumption.
Because ACP runs over local stdio, the issue mainly affects local ACP clients such as IDE integrations.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-27488)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to access internal network resources.
The vulnerability exists due to improper control of outbound network requests in cron webhook delivery in src/gateway/server-cron.ts when processing webhook targets. A remote attacker can supply a webhook target that points to private, metadata, or internal endpoints to access internal network resources.
3) Observable discrepancy (CVE-ID: CVE-2026-4040)
CWE-ID: CWE-203 - Observable discrepancy
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to observable discrepancy in tools.exec.safeBins approval flow when validating candidate file paths. A remote user can probe existing and non-existing filenames to disclose sensitive information.
Exploitation requires access to the execution surface.
Remediation
Install update from vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw
- https://github.com/openclaw/openclaw/commit/732e53151e8fbdfc0501182ddb0e900878bdc1e3
- https://github.com/openclaw/openclaw/security/advisories/GHSA-w45g-5746-x9fp
- https://github.com/openclaw/openclaw/commit/99db4d13e
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754