SB2026050458 - Multiple vulnerabilities in OpenClaw



SB2026050458 - Multiple vulnerabilities in OpenClaw

Published: May 4, 2026

Security Bulletin ID SB2026050458
CSH Severity
High
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 13% Medium 38% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2026-28482)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to read or write files outside the intended sessions directory.

The vulnerability exists due to path traversal in transcript file operations when processing a crafted sessionId or sessionFile path. A remote user can supply a specially crafted sessionId or sessionFile value to read or write files outside the intended sessions directory.

By default the gateway binds to loopback; configurations that expose the gateway widen the attack surface.


2) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2026-28464)

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to observable timing discrepancy in hooks authentication when comparing the provided hook token. A remote attacker can send many requests and measure response timing to disclose sensitive information.

Reliable exploitation typically requires the hooks endpoint to be exposed to an untrusted network, and real-world latency and jitter can make timing measurements difficult.


3) Missing Authentication for Critical Function (CVE-ID: CVE-2026-28485)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to access sensitive in-session data and perform privileged browser actions.

The vulnerability exists due to improper access control in the local browser-control HTTP route /agent/act and related browser-control handlers when handling local browser-control HTTP requests without configured authentication. A remote attacker can send a specially crafted request to access sensitive in-session data and perform privileged browser actions.

Exposure is primarily related to loopback-bound local-process and local-proxy boundaries in configurations where authentication is not configured.


4) Authorization bypass through user-controlled key (CVE-ID: N/A)

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to inject messages into chosen sessions.

The vulnerability exists due to authorization bypass through a user-controlled key in the POST /hooks/agent endpoint when processing authenticated hook requests with externally supplied sessionKey values. A remote user can send a specially crafted request with a chosen sessionKey to inject messages into chosen sessions.

Exploitation requires a valid hook token, request-selected session keys to be accepted, and target session keys to be derivable or guessable.


5) Improper access control (CVE-ID: CVE-2026-28395)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose limited information and cause a denial of service.

The vulnerability exists due to improper access control in ensureChromeExtensionRelayServer when handling a wildcard cdpUrl. A remote attacker can send requests to exposed relay HTTP endpoints to disclose limited information and cause a denial of service.

The issue occurs when the relay HTTP/WS server is bound to all interfaces because wildcard hosts are treated as loopback.


6) External Control of File Name or Path (CVE-ID: CVE-2026-28459)

CWE-ID: CWE-73 - External Control of File Name or Path

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to create or append files at an arbitrary path on the gateway host, leading to configuration corruption and cause a denial of service.

The vulnerability exists due to external control of file name or path in the gateway session transcript file handling when resolving the untrusted sessionFile path. A remote user can supply a crafted sessionFile path to create or append files at an arbitrary path on the gateway host, leading to configuration corruption and cause a denial of service.

Exploitation depends on deployment and filesystem permissions.


7) Missing Authentication for Critical Function (CVE-ID: CVE-2026-28450)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to modify the Nostr profile and gateway configuration.

The vulnerability exists due to missing authentication for critical function in Nostr profile management HTTP endpoints when handling requests to the profile and profile import routes. A remote attacker can send crafted HTTP requests to modify the Nostr profile and gateway configuration.

Only deployments with the optional @openclaw/nostr plugin installed and enabled are vulnerable. Exploitation requires the gateway HTTP port to be reachable beyond localhost. Profile updates are published as a signed Nostr kind:0 event using the bot's private key.


8) Missing Authentication for Critical Function (CVE-ID: CVE-2026-29613)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject arbitrary inbound BlueBubbles message and reaction events.

The vulnerability exists due to missing authentication for the BlueBubbles webhook handler when handling webhook requests through a reverse proxy. A remote attacker can send a specially crafted HTTP POST request to inject arbitrary inbound BlueBubbles message and reaction events.

Only deployments with the optional BlueBubbles channel plugin enabled and the BlueBubbles webhook endpoint exposed through a reverse proxy are affected.


Remediation

Install update from vendor's website.