SB2026050460 - Multiple vulnerabilities in OpenClaw
Published: May 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 vulnerabilities.
1) Path traversal (CVE-ID: CVE-2026-28447)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to write files outside the intended extensions directory.
The vulnerability exists due to path traversal in the plugin installation directory handling when processing attacker-controlled plugin content during plugin installation. A remote attacker can supply a specially crafted plugin package name to write files outside the intended extensions directory.
User interaction is required to run openclaw plugins install on attacker-controlled plugin content.
2) Insertion of Sensitive Information Into Sent Data (CVE-ID: CVE-2026-28481)
CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to insertion of sensitive information into sent data in the MS Teams inbound attachment downloader when retrying attachment or inline image URLs after receiving 401 or 403 responses. A remote attacker can send a message that references an untrusted but allowlisted host to disclose sensitive information.
Only deployments with the optional MS Teams extension enabled are affected, and user interaction is required.
3) Improper Authorization (CVE-ID: CVE-2026-28448)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass authorization checks and trigger the agent pipeline.
The vulnerability exists due to improper authorization in Twitch plugin access control when handling Twitch chat messages that mention the bot. A remote attacker can send a crafted chat message from a Twitch account not present in the allowlist to bypass authorization checks and trigger the agent pipeline.
Only deployments with the Twitch plugin installed and enabled are vulnerable, and exploitation requires allowFrom to be configured while allowedRoles is unset or empty.
4) Path traversal (CVE-ID: CVE-2026-25475)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to path traversal in src/media/parse.ts when parsing MEDIA: tokens that reference local file paths. A remote user can influence an agent to emit a crafted MEDIA: token to disclose sensitive information.
The issue is limited to files readable by the OpenClaw process.
5) Insufficient verification of data authenticity (CVE-ID: CVE-2026-25474)
CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to send forged Telegram updates that are processed as if they came from Telegram.
The vulnerability exists due to insufficient verification of data authenticity in the Telegram webhook endpoint when handling webhook HTTP requests with a missing webhook secret. A remote attacker can send a specially crafted webhook request to send forged Telegram updates that are processed as if they came from Telegram.
Only deployments with Telegram webhook mode enabled are vulnerable, and exploitation requires the webhook endpoint to be reachable by the attacker.
Remediation
Install update from vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-qrq5-wjgg-rvqw
- https://github.com/openclaw/openclaw/commit/d03eca8450dc493b198a88b105fd180895238e57
- https://github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332
- https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b
- https://github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf
- https://github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0
- https://github.com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq
- https://github.com/openclaw/openclaw/pull/4930
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mp5h-m6qj-6292
- https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314d