SB2026050457 - Multiple vulnerabilities in OpenClaw



SB2026050457 - Multiple vulnerabilities in OpenClaw

Published: May 4, 2026

Security Bulletin ID SB2026050457
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 43% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2026-28462)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to write files outside intended temporary directories.

The vulnerability exists due to path traversal in the browser control API endpoints when handling user-supplied output paths for trace and download files. A remote attacker can send a specially crafted request to write files outside intended temporary directories.

Successful exploitation depends on the filesystem permissions of the OpenClaw process.


2) Improper Output Neutralization for Logs (CVE-ID: N/A)

CWE-ID: CWE-117 - Improper Output Neutralization for Logs

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to poison logs and influence downstream LLM-assisted workflows.

The vulnerability exists due to improper output neutralization for logs in src/gateway/server/ws-connection.ts when handling WebSocket connections that close before completing the connect or handshake process. A remote attacker can send crafted WebSocket header values to poison logs and influence downstream LLM-assisted workflows.

The impact depends on logs later being read or interpreted by an LLM or other automation, and user interaction is required.


3) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2026-28475)

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose the hook token.

The vulnerability exists due to observable timing discrepancies in hook token comparison in the hooks endpoint when handling token validation requests. A remote attacker can send many requests and measure response timing to disclose the hook token.

Exploitation typically requires the hooks endpoint to be exposed to an untrusted network, and real-world latency and jitter can make reliable measurement difficult.


4) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to inject instructions into another session as if they were direct user instructions.

The vulnerability exists due to improper access control in sessions_send message handling when persisting routed inter-session prompts without provenance metadata. A remote user can send a crafted inter-session message to inject instructions into another session as if they were direct user instructions.

This issue affects workflows that trust role: "user" as the sole authority signal.


5) Path traversal (CVE-ID: CVE-2026-26972)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to write files outside the intended download directory.

The vulnerability exists due to path traversal in browser download helpers when handling browser control gateway download requests with a user-supplied output path. A remote user can send a specially crafted request to write files outside the intended download directory.

This issue is not exposed via the AI agent tool schema, and exploitation requires authenticated CLI access or an authenticated gateway RPC token.


6) Resource exhaustion (CVE-ID: CVE-2026-28478)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in webhook handlers when buffering request bodies. A remote attacker can send oversized payloads or slow incomplete uploads to cause a denial of service.


7) Improper Authentication (CVE-ID: CVE-2026-26316)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject inbound webhook events into the agent pipeline.

The vulnerability exists due to improper authentication in the BlueBubbles webhook endpoint when handling webhook requests forwarded from loopback addresses. A remote attacker can send a specially crafted webhook request through a same-host reverse proxy or SSRF path to inject inbound webhook events into the agent pipeline.

This affects only deployments where the optional BlueBubbles iMessage channel plugin is installed and enabled.


Remediation

Install update from vendor's website.