SB2026063013 - Multiple vulnerabilities in OpenClaw
Published: June 30, 2026
Description
This security bulletin contains information about 5 vulnerabilities.
1) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to perform unauthorized administrative actions.
The vulnerability exists due to incorrect authorization in admin-scoped tools when handling identity-bearing HTTP requests through the affected feature and configuration. A remote user can send a crafted request through a lower-trust caller or configured input path to perform unauthorized administrative actions.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach the affected path.
2) Open redirect (CVE-ID: N/A)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to URL redirection to an untrusted site in the MCP SSE feature, which forwards Authorization headers when following redirects. A remote user can trigger a crafted redirect path to disclose sensitive information.
Only instances where the affected feature is enabled and reachable are vulnerable.
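The mitigation pattern for the redirect issue above, as an added example that is not OpenClaw's code: an HTTP/SSE client redirect policy that strips Authorization (and other credential-bearing headers) whenever a redirect leaves the origin of the original request, refuses non-HTTP schemes, and caps the hop count. The `fake_fetch` routing table, hostnames and token are constructed for the example; no network access is used.

```python
"""Redirect policy for a credential-bearing SSE/HTTP client (added example, not OpenClaw's code).

Credentials are forwarded only on same-origin hops (same scheme, host and port), so an
https -> http downgrade or a hop to another host never carries the bearer token along.
"""
from urllib.parse import urljoin, urlsplit

SENSITIVE_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


class RedirectError(Exception):
    """Raised when a redirect chain violates policy (loop, bad scheme, missing Location)."""


def origin_of(url):
    """Return (scheme, host, port) with default ports filled in, so ':443' and no port compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)


def same_origin(a, b):
    return origin_of(a) == origin_of(b)


def headers_for_redirect(headers, from_url, to_url):
    """Headers to send on the next hop: credentials survive only a same-origin redirect."""
    if same_origin(from_url, to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow_redirects(fetch, url, headers, max_hops=5):
    """Follow redirects with the policy above.

    fetch(url, headers) -> (status, response_headers, body) is the transport (assumed interface).
    Returns (final_url, headers_sent_to_final_url, body).
    """
    current_headers = dict(headers)
    hops = 0
    while True:
        status, resp_headers, body = fetch(url, current_headers)
        if status not in REDIRECT_STATUSES:
            return url, current_headers, body
        location = resp_headers.get("Location")
        if not location:
            raise RedirectError("redirect response without Location header")
        hops += 1
        if hops > max_hops:
            raise RedirectError("too many redirects")
        target = urljoin(url, location)
        if urlsplit(target).scheme.lower() not in DEFAULT_PORTS:
            raise RedirectError("refusing redirect to non-HTTP scheme: %s" % target)
        current_headers = headers_for_redirect(current_headers, url, target)
        url = target


# Constructed routing table standing in for a real server: a same-origin redirect,
# a cross-origin redirect to a collector host, and a redirect loop.
FAKE_ROUTES = {
    "https://mcp.example.test/sse": (302, {"Location": "/v2/sse"}, b""),
    "https://mcp.example.test/v2/sse": (200, {}, b"event: ready\n\n"),
    "https://mcp.example.test/leak": (302, {"Location": "https://collector.example.test/sse"}, b""),
    "https://collector.example.test/sse": (200, {}, b"event: ready\n\n"),
    "https://mcp.example.test/loop": (302, {"Location": "/loop"}, b""),
}


def fake_fetch(url, headers):
    return FAKE_ROUTES.get(url, (404, {}, b""))


def demo():
    """Run both chains and report whether the credential reached the final hop."""
    auth = {"Authorization": "Bearer constructed-example-token", "Accept": "text/event-stream"}
    _, same_sent, _ = follow_redirects(fake_fetch, "https://mcp.example.test/sse", auth)
    cross_url, cross_sent, _ = follow_redirects(fake_fetch, "https://mcp.example.test/leak", auth)
    return {
        "same_origin_kept_auth": "Authorization" in same_sent,
        "cross_origin_final_url": cross_url,
        "cross_origin_kept_auth": "Authorization" in cross_sent,
        "accept_header_survived": cross_sent.get("Accept") == "text/event-stream",
    }


def redirect_loop_is_rejected():
    try:
        follow_redirects(fake_fetch, "https://mcp.example.test/loop", {}, max_hops=3)
    except RedirectError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("loop rejected:", redirect_loop_is_rejected())
```

The same-origin test compares scheme, host and port rather than host alone, so a downgrade from https to http on the same host also drops the token; non-credential headers such as Accept are forwarded unchanged.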
3) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to perform unauthorized actions.
The vulnerability exists due to improper access control in ClickClack agent-mode dispatch when processing lower-trust caller or configured input paths. A remote user can reach the affected dispatch path to perform unauthorized actions.
Only instances where the affected feature is enabled and reachable are vulnerable.
4) Insufficient verification of data authenticity (CVE-ID: N/A)
CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform unauthorized actions.
The vulnerability exists due to insufficient verification of data authenticity in the HTTP Canvas response handling for trusted A2UI actions when processing lower-trust caller input or configured input paths. A remote attacker can provide a specially crafted response or input path to perform unauthorized actions.
Exploitation requires the affected feature to be enabled and reachable, and practical impact depends on whether lower-trust input can reach the affected path. User interaction is required.
5) Incorrect authorization (CVE-ID: N/A)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.
The vulnerability exists due to incorrect authorization in node exec approvals when using different gateway and node environments. A remote user can use a lower-trust caller or configured input path to execute or persist actions beyond the caller's intended authorization.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach the affected path.
Remediation
Install the update from the vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cf2p-f286-mphf
- https://github.com/openclaw/openclaw/security/advisories/GHSA-9c3v-684m-579c
- https://github.com/openclaw/openclaw/security/advisories/GHSA-wp73-f3gg-w4vr
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-7684-7gm5
- https://github.com/openclaw/openclaw/security/advisories/GHSA-8f46-3xx3-8c9m