SB2026052908 - Multiple vulnerabilities in OpenClaw
Published: May 29, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 vulnerabilities.
1) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass command allowlist restrictions.
The vulnerability exists due to improper access control in the shell wrapper command approval and execution logic when processing a command request using a shell wrapper form. A remote user can submit a crafted command request to bypass command allowlist restrictions.
Only instances with the affected feature enabled and reachable are vulnerable.
2) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute unintended shell operations.
The vulnerability exists due to incorrect authorization in the exec approval display and binding when handling oversized exec commands in the approval view. A remote user can create a pending host exec request with a command long enough to be truncated to execute unintended shell operations.
This affects deployments where exec approval is enabled, and user interaction is required because an approver must approve the request.
3) OS Command Injection (CVE-ID: N/A)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to command injection in system.run safe-bin allowlist checks when processing shell-expanded values in approved commands on paired POSIX nodes. A remote user can supply a value that expands into additional shell words and becomes a file operand to disclose sensitive information.
This issue is limited to paired POSIX node execution through system.run with safe-bin or allowlist-style auto-approval.
4) Inclusion of Functionality from Untrusted Control Sphere (CVE-ID: N/A)
CWE-ID: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute unscanned plugin code.
The vulnerability exists due to inclusion of functionality from an untrusted control sphere in marketplace runtime extension metadata when loading a package selected for installation through the affected feature. A remote user can provide metadata that redirects runtime loading to hidden package content to execute unscanned plugin code.
Only instances where the affected feature is enabled and reachable are vulnerable.
5) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information from private-network pages.
The vulnerability exists due to improper access control in browser control act interactions when handling action-triggered navigation to private or loopback URLs. A remote user can interact with an attacker-controlled page that redirects or navigates the tab to a private-network target through a UI action to disclose sensitive information from private-network pages.
Exploitation requires browser control to be enabled and browser evaluation capability to be available.
6) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass authorization controls and disclose, modify, or disrupt exec lifecycle handling.
The vulnerability exists due to improper access control in the node event boundary when processing crafted node.event messages for exec lifecycle events. A remote privileged user can send a specially crafted node.event message to bypass authorization controls and disclose, modify, or disrupt exec lifecycle handling.
Exploitation requires control of a paired node connection, and the target agent or session must be able to process exec lifecycle events.
7) Authentication Bypass by Spoofing (CVE-ID: N/A)
CWE-ID: CWE-290 - Authentication Bypass by Spoofing
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to spoof operator identity.
The vulnerability exists due to authentication bypass by spoofing in the Gateway trusted-proxy identity header handling when sending requests directly to the proxy-facing Gateway port from the same host. A local user can supply forged identity headers to spoof operator identity.
Only deployments with the affected feature enabled and reachable are vulnerable.
8) Missing Authorization (CVE-ID: N/A)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to bypass authorization for approval actions.
The vulnerability exists due to missing authorization in the QQBot native approval button callback path when handling approval button clicks. A remote user can click a visible approval button to bypass authorization for approval actions.
This affects deployments where QQBot native approval buttons are enabled and an approval message is visible to a QQ user who is not configured as an approver.
9) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to bypass authorization controls and execute administrative commands.
The vulnerability exists due to incorrect authorization in the chat.send route handling when delivering a scoped Gateway request into a session with an inherited external delivery route. A remote user can send a crafted chat.send request to bypass authorization controls and execute administrative commands.
This affects scoped Gateway clients and does not apply to shared-secret bearer HTTP compatibility endpoints.
10) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain administrative access to gateway RPC functionality.
The vulnerability exists due to incorrect authorization in the Control UI WebSocket handling in trusted-proxy mode when processing a client-declared scope set before pairing is bound to a server-approved authorization baseline. A remote user can open a Control UI WebSocket with a fresh unpaired device identity and request elevated scopes to gain administrative access to gateway RPC functionality.
This issue affects trusted-proxy Control UI deployments and does not apply to shared-secret Control UI sessions.
Remediation
Install update from vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2j8v-hwgc-x698
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mhq8-78pj-5j79
- https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2hfg-4fh4-qp7f
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4
- https://github.com/openclaw/openclaw/security/advisories/GHSA-rggc-m335-3wvj
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mgq6-vr84-7m2j
- https://github.com/openclaw/openclaw/security/advisories/GHSA-hw9r-h9mr-4jff
- https://github.com/openclaw/openclaw/security/advisories/GHSA-qjpc-qf9m-xwmr