SB2026063015 - Multiple vulnerabilities in OpenClaw
Published: June 30, 2026
Description
This security bulletin contains information about 4 vulnerabilities.
1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform actions that should have required a stronger authorization or policy check.
The vulnerability exists due to a time-of-check time-of-use race condition in the MS Teams safeFetch feature when processing lower-trust caller or configured input paths. A remote user can trigger a DNS rebinding race to perform actions that should have required a stronger authorization or policy check.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.
2) Insufficient verification of data authenticity (CVE-ID: N/A)
CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to insufficient verification of data authenticity in the Bot Framework serviceUrl validation in @openclaw/msteams when processing lower-trust caller or configured input paths. A remote user can provide crafted input that reaches the affected path to disclose sensitive information.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.
3) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to access network destinations that should have been blocked by OpenClaw policy.
The vulnerability exists due to server-side request forgery (SSRF) in QQBot media upload when processing lower-trust caller input or configured input paths. A remote user can provide a crafted input path to access network destinations that should have been blocked by OpenClaw policy.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on operator configuration and whether lower-trust input can reach that path.
4) Incomplete List of Disallowed Inputs (CVE-ID: N/A)
CWE-ID: CWE-184 - Incomplete List of Disallowed Inputs
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an incomplete list of disallowed inputs in the workspace dotenv file handling when processing a configured input path. A remote attacker can provide a specially crafted workspace dotenv file to disclose sensitive information.
Only instances where the affected feature is enabled and reachable are vulnerable, and user interaction is required.
Remediation
Install the update from the vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-wxm8-ghhq-q688
- https://github.com/openclaw/openclaw/security/advisories/GHSA-prwc-c6w5-mmgr
- https://github.com/openclaw/openclaw/security/advisories/GHSA-fwgr-fpv9-vf5x
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4pqj-3c56-5fqq