SB2026050460 - Multiple vulnerabilities in OpenClaw



SB2026050460 - Multiple vulnerabilities in OpenClaw

Published: May 4, 2026

Security Bulletin ID SB2026050460
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2026-28447)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to write files outside the intended extensions directory.

The vulnerability exists due to path traversal in the plugin installation directory handling when processing attacker-controlled plugin content during plugin installation. A remote attacker can supply a specially crafted plugin package name to write files outside the intended extensions directory.

User interaction is required to run openclaw plugins install on attacker-controlled plugin content.


2) Insertion of Sensitive Information Into Sent Data (CVE-ID: CVE-2026-28481)

CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to insertion of sensitive information into sent data in the MS Teams inbound attachment downloader when retrying attachment or inline image URLs after receiving 401 or 403 responses. A remote attacker can send a message that references an untrusted but allowlisted host to disclose sensitive information.

Only deployments with the optional MS Teams extension enabled are affected, and user interaction is required.


3) Improper Authorization (CVE-ID: CVE-2026-28448)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass authorization checks and trigger the agent pipeline.

The vulnerability exists due to improper authorization in Twitch plugin access control when handling Twitch chat messages that mention the bot. A remote attacker can send a crafted chat message from a Twitch account not present in the allowlist to bypass authorization checks and trigger the agent pipeline.

Only deployments with the Twitch plugin installed and enabled are vulnerable, and exploitation requires allowFrom to be configured while allowedRoles is unset or empty.


4) Path traversal (CVE-ID: CVE-2026-25475)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to path traversal in src/media/parse.ts when parsing MEDIA: tokens that reference local file paths. A remote user can influence an agent to emit a crafted MEDIA: token to disclose sensitive information.

The issue is limited to files readable by the OpenClaw process.


5) Insufficient verification of data authenticity (CVE-ID: CVE-2026-25474)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to send forged Telegram updates that are processed as if they came from Telegram.

The vulnerability exists due to insufficient verification of data authenticity in the Telegram webhook endpoint when handling webhook HTTP requests with a missing webhook secret. A remote attacker can send a specially crafted webhook request to send forged Telegram updates that are processed as if they came from Telegram.

Only deployments with Telegram webhook mode enabled are vulnerable, and exploitation requires the webhook endpoint to be reachable by the attacker.


Remediation

Install update from vendor's website.