VYPR

npm package

openclaw

pkg:npm/openclaw

Vulnerabilities (393)

  • CVE-2026-32017Mar 19, 2026
    affected < 2026.2.19fixed 2026.2.19

    OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binari

  • CVE-2026-32016Mar 19, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binar

  • CVE-2026-32015Mar 19, 2026
    affected >= 2026.1.21, < 2026.2.19fixed 2026.2.19

    OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can exe

  • CVE-2026-32014Mar 19, 2026
    affected < 2026.2.26fixed 2026.2.26

    OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoo

  • CVE-2026-32013Mar 19, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files

  • CVE-2026-32011Mar 19, 2026
    affected < 2026.3.2fixed 2026.3.2

    OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or ove

  • CVE-2026-32010Mar 19, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator appr

  • CVE-2026-32009Mar 19, 2026
    affected < 2026.2.24fixed 2026.2.24

    OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these truste

  • CVE-2026-32008Mar 19, 2026
    affected < 2026.2.21fixed 2026.2.21

    OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files

  • CVE-2026-32007Mar 19, 2026
    affected < 2026.2.23fixed 2026.2.23

    OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted pa

  • CVE-2026-32006Mar 19, 2026
    affected < 2026.2.26fixed 2026.2.26

    OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paire

  • CVE-2026-32005Mar 19, 2026
    affected < 2026.2.25fixed 2026.2.25

    OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user a

  • CVE-2026-32004Mar 19, 2026
    affected < 2026.3.2fixed 2026.3.2

    OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication c

  • CVE-2026-32003Mar 19, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-s

  • CVE-2026-32002Mar 19, 2026
    affected < 2026.2.23fixed 2026.2.23

    OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted ima

  • CVE-2026-32001Mar 19, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket ha

  • CVE-2026-32000Mar 19, 2026
    affected < 2026.2.19fixed 2026.2.19

    OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary comma

  • CVE-2026-31999Mar 19, 2026
    affected >= 2026.2.26, < 2026.3.1fixed 2026.3.1

    OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper she

  • CVE-2026-31998Mar 19, 2026
    affected >= 2026.2.22, < 2026.2.24fixed 2026.2.24

    OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unau

  • CVE-2026-31997Mar 19, 2026
    affected < 2026.3.1fixed 2026.3.1

    OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator appr

Page 14 of 20