SB2026063012 - Multiple vulnerabilities in OpenClaw

Published: June 30, 2026

Security Bulletin ID: SB2026063012
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 60% Low 40%

Description

This security bulletin contains information about 10 vulnerabilities.


1) Improper privilege management (CVE-ID: N/A)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.

The vulnerability exists due to improper privilege management in the MCP loopback feature when handling lower-trust caller input or configured input paths. A remote user can invoke the reachable feature path to execute or persist actions beyond the caller's intended authorization.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.


2) Incorrect authorization (CVE-ID: N/A)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to bypass authorization checks and perform actions that should require a stronger policy check.

The vulnerability exists due to incorrect authorization in the elevated sender allowlist feature when processing WhatsApp group IDs through a configured input path. A remote user can supply a WhatsApp group ID that satisfies the allowlist to bypass authorization checks and perform actions that should require a stronger policy check.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach the affected path.


3) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to reach network destinations that should have been blocked by OpenClaw policy.

The vulnerability exists due to improper access control in browser CDP discovery when handling blocked WebSocket URLs. A remote user can provide a blocked WebSocket URL through a lower-trust caller or configured input path to reach network destinations that should have been blocked by OpenClaw policy.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.


4) Incorrect authorization (CVE-ID: N/A)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper access control in the native web search feature when handling lower-trust caller or configured input paths. A remote user can reach the affected path to bypass authorization checks.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can access that path.


5) Incomplete List of Disallowed Inputs (CVE-ID: N/A)

CWE-ID: CWE-184 - Incomplete List of Disallowed Inputs

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.

The vulnerability exists due to an incomplete list of disallowed inputs in the host exec environment filtering feature when processing interpreter startup variables. A remote user can provide crafted input that reaches the affected path to execute or persist actions beyond the caller's intended authorization.

Only configurations where the affected feature is enabled and reachable are vulnerable.


6) OS Command Injection (CVE-ID: N/A)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute or persist unauthorized actions.

The vulnerability exists due to command injection in the host exec environment filtering for the Git ext transport when processing lower-trust caller or configured input paths. A remote user can provide crafted input to execute or persist unauthorized actions.

Only instances where the affected feature is enabled and reachable are vulnerable.


7) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to access internal network destinations.

The vulnerability exists due to server-side request forgery (SSRF) in the sandbox exec-server HTTP request handling when processing lower-trust caller input or configured input paths. A remote user can send crafted input to access internal network destinations.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on operator configuration and whether lower-trust input can reach that path.


8) Incomplete List of Disallowed Inputs (CVE-ID: N/A)

CWE-ID: CWE-184 - Incomplete List of Disallowed Inputs

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.

The vulnerability exists due to an incomplete list of disallowed inputs in the host exec environment filtering for rustup startup variables when processing configured input paths through the affected feature. A remote user can provide a lower-trust input path that bypasses the filtering to execute or persist actions beyond the caller's intended authorization.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.


9) Path traversal (CVE-ID: N/A)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to bypass authorization or policy checks.

The vulnerability exists due to path traversal in sandbox bind mounts when processing lower-trust caller or configured input paths. A local user can supply a crafted input path to bypass authorization or policy checks.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on operator configuration and whether lower-trust input can reach the affected path.


10) Missing Authorization (CVE-ID: N/A)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to perform unauthorized actions.

The vulnerability exists due to missing authorization in MS Teams message actions when handling lower-trust caller or configured input paths. A remote user can invoke the affected action path to perform unauthorized actions.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.


Remediation

Install the update from the vendor's website.