VYPR

npm package

openclaw

pkg:npm/openclaw

Vulnerabilities (393)

  • CVE-2026-41385MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol opera

  • CVE-2026-41384HigApr 28, 2026
    affected < 2026.3.24fixed 2026.3.24

    OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary enviro

  • CVE-2026-41383HigApr 28, 2026
    affected < 2026.4.2fixed 2026.4.2

    OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config pa

  • CVE-2026-41382MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized

  • CVE-2026-41381MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is p

  • CVE-2026-41380HigApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch

  • CVE-2026-41379HigApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and mod

  • CVE-2026-41378HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unre

  • CVE-2026-41377MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

  • CVE-2026-41376MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassin

  • CVE-2026-41375MedApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channel

  • CVE-2026-41374MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource

  • CVE-2026-41373MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved

  • CVE-2026-41372MedApr 28, 2026
    affected < 2026.4.2fixed 2026.4.2

    OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost end

  • CVE-2026-41369MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critic

  • CVE-2026-41365MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.

  • CVE-2026-41364HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote h

  • CVE-2026-41363MedApr 28, 2026
    affected >= 2026.2.6, < 2026.3.28fixed 2026.3.28

    OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary

  • CVE-2026-41359HigApr 23, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit

  • CVE-2026-41358MedApr 23, 2026
    affected < 2026.4.2fixed 2026.4.2

    OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model co

Page 5 of 20