SB2026063015 - Multiple vulnerabilities in OpenClaw

Published: June 30, 2026

Security Bulletin ID: SB2026063015
CSH Severity: High
Patch available: Yes
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 25% (1 of 4)
Low: 75% (3 of 4)
Medium: 0%
Critical: 0%

Description

This security bulletin contains information about 4 vulnerabilities.


1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to perform actions that should have required a stronger authorization or policy check.

The vulnerability exists due to a time-of-check time-of-use race condition in the MS Teams safeFetch feature when processing lower-trust caller or configured input paths. In a DNS rebinding race of this kind, the destination hostname is resolved and checked against policy, and then resolved again when the connection is actually made. A remote user who controls a DNS name can answer the first lookup with a permitted address and the second with a blocked one, so the request passes the check but connects to a destination the policy should have refused.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.


2) Insufficient verification of data authenticity (CVE-ID: N/A)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to insufficient verification of data authenticity in the Bot Framework serviceUrl validation in @openclaw/msteams when processing lower-trust caller or configured input paths. In the Bot Framework protocol, the serviceUrl carried in an inbound activity is the endpoint the bot calls back to in order to deliver replies, authenticating with its own credentials; a serviceUrl that is accepted without being verified as belonging to the genuine channel service can therefore redirect those authenticated calls to a host the caller controls. A remote user can provide crafted input that reaches the affected path to disclose sensitive information.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.
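The check below is an added example written for this bulletin, not code from OpenClaw or from the Bot Framework SDK. It contrasts a substring test on the raw serviceUrl string, the shape of check that CWE-345 describes, with a parsed, whole-label match against a trusted host set. The suffix list, the smba. host and the example-channel.test domain are placeholders for illustration; the authoritative trusted hosts for a channel are whatever the Bot Framework documentation specifies.

```javascript
// Added example, not OpenClaw or Bot Framework SDK code.
// ASSUMPTION: the suffixes below are illustrative placeholders; the real set of
// trusted channel hosts is whatever the Bot Framework documentation specifies.
const TRUSTED_SERVICE_HOST_SUFFIXES = ['botframework.com', 'example-channel.test'];

// The kind of check CWE-345 is about: a substring test on the raw string.
// It accepts "https://botframework.com.attacker.test/" and
// "http://attacker.test/?u=botframework.com".
function serviceUrlLooksTrustedWeak(serviceUrl) {
  return typeof serviceUrl === 'string' && serviceUrl.includes('botframework.com');
}

// Hardened check: parse the URL, require https, reject embedded credentials and
// non-default ports, and match the hostname as whole DNS labels (exactly the
// suffix, or ending in "." + suffix). new URL() lowercases the hostname and
// normalises the default port to "", so the comparison is case-insensitive.
function isTrustedServiceUrl(serviceUrl) {
  let u;
  try {
    u = new URL(serviceUrl);
  } catch {
    return false;
  }
  if (u.protocol !== 'https:') return false;
  if (u.username || u.password || u.port) return false;
  const host = u.hostname.replace(/\.$/, ''); // strip a trailing dot
  return TRUSTED_SERVICE_HOST_SUFFIXES.some(
    (s) => host === s || host.endsWith('.' + s),
  );
}

// Applied at the point where the bot is about to call back with its own
// credentials: refuse rather than send anything to an unverified origin.
function replyTargetFor(activity) {
  if (!activity || !isTrustedServiceUrl(activity.serviceUrl)) {
    throw new Error('untrusted serviceUrl: ' + (activity && activity.serviceUrl));
  }
  return new URL(activity.serviceUrl).origin;
}
```

The important design choice is that the comparison runs on the parsed hostname, not on the string the caller sent: once the URL is parsed, tricks such as a trusted name embedded in the path or query, a look-alike registrable domain, or userinfo in front of the real host all fall away.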


3) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to access network destinations that should have been blocked by OpenClaw policy.

The vulnerability exists due to server-side request forgery (SSRF) in QQBot media upload when processing lower-trust caller input or configured input paths. A remote user can provide a crafted input path to make the server fetch from a destination of the user's choosing, reaching network locations that OpenClaw policy should have blocked; for a server-side fetch these are typically loopback, link-local (including cloud instance metadata) and private-network addresses.

Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on operator configuration and whether lower-trust input can reach that path.
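The two fetch-side issues in this bulletin, the TOCTOU race in 1) and the SSRF in 3), share one fix: decide on the destination address once, against a policy of blocked ranges, and connect to exactly that address. The following is an added example written for this bulletin, not OpenClaw code. The resolver and connector are injected as synchronous stand-ins so the block runs offline and the race can be reproduced with a constructed rebinding DNS answer; the blocked ranges, the function names and the hostnames are illustrative assumptions, not OpenClaw's policy.

```javascript
// Added example, not OpenClaw code. Destination policy for a server-side fetch
// made on behalf of lower-trust input, covering both failure modes:
//  - CWE-918 (SSRF): the destination is never checked, so a crafted media URL
//    reaches loopback, link-local (cloud metadata) or private addresses;
//  - CWE-367 (TOCTOU): the name is checked, then resolved AGAIN at connect
//    time, so a rebinding DNS name passes the check and connects elsewhere.
// ASSUMPTION: resolve(host) -> [addresses] and connect(addr, url) are injected
// synchronous stand-ins for dns.lookup and http(s).request so this runs offline.

function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Ranges a default-deny-internal policy refuses (illustrative, not exhaustive).
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

function inCidr(n, base, bits) {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function isBlockedAddress(addr) {
  // IPv4-mapped IPv6 in either spelling (::ffff:1.2.3.4 or ::ffff:102:304)
  // is checked as the IPv4 address it wraps.
  const mappedDotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr);
  if (mappedDotted) return isBlockedAddress(mappedDotted[1]);
  const mappedHex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(addr);
  if (mappedHex) {
    const hi = parseInt(mappedHex[1], 16), lo = parseInt(mappedHex[2], 16);
    return isBlockedAddress([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  const n = ipv4ToInt(addr);
  if (n !== null) return BLOCKED_V4.some(([base, bits]) => inCidr(n, base, bits));
  // Other IPv6: refuse loopback, unspecified, unique-local and link-local.
  const a = addr.toLowerCase();
  return a === '::1' || a === '::' || /^f[cd]/.test(a) || /^fe[89ab]/.test(a);
}

// Vulnerable flow: the policy is evaluated on one lookup and the connector
// performs its own lookup, which is the window a rebinding name exploits.
function fetchMediaVulnerable(urlString, { resolve, connect }) {
  const u = new URL(urlString);
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const checked = resolve(host);                       // time of check
  if (checked.some(isBlockedAddress)) throw new Error('blocked');
  return connect(resolve(host)[0], u);                 // time of use: fresh lookup
}

// Hardened flow: allow-list the scheme, resolve once, refuse if ANY returned
// address is blocked, then connect to the pinned address. The connector must
// use that address and take only the Host/SNI name from the URL.
// new URL() already canonicalises numeric hosts ("2130706433" -> 127.0.0.1).
function fetchMediaSafe(urlString, { resolve, connect }) {
  const u = new URL(urlString);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') throw new Error('scheme not allowed');
  if (u.username || u.password) throw new Error('credentials not allowed');
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const addrs = resolve(host);
  const bad = addrs.find(isBlockedAddress);
  if (bad !== undefined) throw new Error('blocked destination ' + bad);
  return connect(addrs[0], u);                         // same address that was checked
}

// Constructed test doubles: a resolver that answers differently on each lookup
// (the rebinding attack) and a connector that records where it would connect.
function rebindingResolver(answers) {
  let i = 0;
  return () => [answers[Math.min(i++, answers.length - 1)]];
}
const literalResolver = (host) => [host];
const recordingConnector = (addr, u) => ({ connectedTo: addr, hostHeader: u.hostname });

// The same attacker DNS name (203.0.113.10 first, 127.0.0.1 second) through both flows.
function demoRebinding() {
  const url = 'http://media.attacker.test/x.png';
  const answers = ['203.0.113.10', '127.0.0.1'];
  const vulnerable = fetchMediaVulnerable(url, { resolve: rebindingResolver(answers), connect: recordingConnector });
  const safe = fetchMediaSafe(url, { resolve: rebindingResolver(answers), connect: recordingConnector });
  return { vulnerable: vulnerable.connectedTo, safe: safe.connectedTo };
}
```

Two points carry over to a real implementation. Pinning means the HTTP client is handed the checked IP address, with the hostname supplied separately for the Host header and TLS SNI; passing the hostname back to a client that performs its own lookup reopens the race. And redirects must go through the same check on every hop, because a 3xx to an internal address is the other common way around a destination policy.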


4) Incomplete List of Disallowed Inputs (CVE-ID: N/A)

CWE-ID: CWE-184 - Incomplete List of Disallowed Inputs

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to an incomplete list of disallowed inputs in the workspace dotenv file handling when processing a configured input path. A remote attacker can provide a specially crafted workspace dotenv file to disclose sensitive information. Note that the CVSS vector rates this as locally exploitable (AV:L) with active user interaction (UI:A): the attacker supplies the file, but a user must load the workspace that contains it.

Only instances where the affected feature is enabled and reachable are vulnerable, and user interaction is required.
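The dotenv issue is a denylist problem: a loader that refuses some variable names but not every name that changes how the process or its tooling behaves. The example below is added for this bulletin and is not OpenClaw code; the denylist entries, the APP_ prefix, the hypothetical function names and the crafted file are constructed to illustrate the CWE-184 pattern and its allowlist fix, not to reproduce the actual OpenClaw flaw.

```javascript
// Added example, not OpenClaw code. A workspace .env loader, first with an
// incomplete denylist (the CWE-184 shape) and then with an allowlist.
// ASSUMPTION: the variable names, the APP_ prefix and the crafted file are
// constructed for illustration and do not describe the real OpenClaw behaviour.

// Minimal dotenv parser: KEY=value, optional "export", quotes, # comments.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2];
    if (/^".*"$/.test(value) || /^'.*'$/.test(value)) value = value.slice(1, -1);
    else value = value.replace(/\s+#.*$/, '').trim();
    out[m[1]] = value;
  }
  return out;
}

// Denylist of names the loader "knows" are dangerous. Incomplete in two ways
// that matter: lowercase proxy variables are honoured by common HTTP clients,
// and loader/linker variables (LD_PRELOAD, PYTHONSTARTUP, ...) are not listed.
const DENY_INCOMPLETE = new Set(['PATH', 'NODE_OPTIONS', 'HTTP_PROXY', 'HTTPS_PROXY']);

function filterByDenylist(vars) {
  return Object.fromEntries(Object.entries(vars).filter(([k]) => !DENY_INCOMPLETE.has(k)));
}

// Allowlist: a workspace file may only define names under a reserved prefix
// and may never override something the host process already has. Everything
// not explicitly permitted is dropped, so new dangerous names cannot slip in.
function filterByAllowlist(vars, hostEnv, prefix = 'APP_') {
  const allowed = new RegExp('^' + prefix + '[A-Z0-9_]+$');
  return Object.fromEntries(
    Object.entries(vars).filter(([k]) => allowed.test(k) && !(k in hostEnv)),
  );
}

// Returns the environment a child process would be started with.
function buildChildEnv(hostEnv, workspaceVars) {
  return { ...hostEnv, ...workspaceVars };
}

// Constructed crafted workspace .env: one legitimate setting and three that
// redirect traffic or inject code into whatever the loader spawns next.
const CRAFTED_DOTENV = `
# innocuous-looking workspace config
APP_NAME="demo"
export https_proxy=http://203.0.113.9:8080   # lowercase variant, not on the denylist
NODE_OPTIONS=--require /tmp/hook.js
LD_PRELOAD=/tmp/hook.so
`;

const HOST_ENV = { PATH: '/usr/bin', HOME: '/home/svc' };

function demo() {
  const vars = parseDotenv(CRAFTED_DOTENV);
  return {
    denylist: buildChildEnv(HOST_ENV, filterByDenylist(vars)),
    allowlist: buildChildEnv(HOST_ENV, filterByAllowlist(vars, HOST_ENV)),
  };
}
```

With the denylist, the crafted file still gets https_proxy and LD_PRELOAD into the child environment, so any outbound request from a spawned tool (and the secrets it carries) goes through the attacker's proxy; with the allowlist, only APP_NAME survives. The general lesson for CWE-184 is that a list of what is forbidden has to be complete across every spelling and every consumer of the environment, which is not a property a denylist can be shown to have.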


Remediation

Install the update from the vendor's website. Where the MS Teams, QQBot or workspace dotenv features are not needed, disabling them removes the affected paths, since only instances with those features enabled and reachable are affected.