VYPR

npm package

openclaw

pkg:npm/openclaw

Vulnerabilities (393)

  • CVE-2026-32065Mar 21, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executa

  • CVE-2026-32064Mar 21, 2026
    affected < 2026.2.21fixed 2026.2.21

    OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to obser

  • CVE-2026-32058Mar 21, 2026
    affected < 2026.2.26fixed 2026.2.26

    OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusin

  • CVE-2026-32057Mar 21, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by usi

  • CVE-2026-32056Mar 21, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv

  • CVE-2026-32055Mar 21, 2026
    affected < 2026.2.26fixed 2026.2.26

    OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the

  • CVE-2026-32054Mar 21, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside

  • CVE-2026-32053Mar 21, 2026
    affected < 2026.2.23fixed 2026.2.23

    OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale

  • CVE-2026-32052Mar 21, 2026
    affected < 2026.2.24fixed 2026.2.24

    OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while ex

  • CVE-2026-32050Mar 21, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-han

  • CVE-2026-32049Mar 21, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process

  • CVE-2026-32048Mar 21, 2026
    affected < 2026.3.1fixed 2026.3.1

    OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with

  • CVE-2026-32046Mar 21, 2026
    affected < 2026.2.21fixed 2026.2.21

    OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protec

  • CVE-2026-32045Mar 21, 2026
    affected < 2026.2.21fixed 2026.2.21

    OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without prope

  • CVE-2026-32043Mar 21, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and executio

  • CVE-2026-22172Mar 20, 2026
    affected < 2026.3.12fixed 2026.3.12

    OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to pr

  • CVE-2026-32035MedMar 19, 2026
    affected < 2026.3.2fixed 2026.3.2

    OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron fun

  • CVE-2026-32022MedMar 19, 2026
    affected < 2026.2.21fixed 2026.2.21

    OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to

  • CVE-2026-32019HigMar 19, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch f

  • CVE-2026-32018LowMar 19, 2026
    affected < 2026.2.19fixed 2026.2.19

    OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry upd

Page 12 of 20