Security: openclaw/openclaw
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution (GHSA-r39h-4c2p-3jxp). Published Apr 24, 2026 by steipete. Severity: High
- Webhooks SecretRef route secret remains valid after rotation/reload (GHSA-q8ff-7ffm-m3r9). Published Apr 24, 2026 by steipete. Severity: Moderate
- Gateway config mutation guard allowed unsafe model-driven config writes (GHSA-cwj3-vqpp-pmxr). Published Apr 24, 2026 by steipete. Severity: High
- Gateway Control UI bootstrap config required Gateway auth (GHSA-93rg-2xm5-2p9v). Published Apr 23, 2026 by steipete. Severity: Low
- Workspace dotenv files cannot override connector endpoint hosts (GHSA-55cf-xx38-4p9p). Published Apr 23, 2026 by steipete. Severity: Moderate
- Exec allowlist analysis rejects shell expansion in unquoted heredocs (GHSA-x3h8-jrgh-p8jx). Published Apr 23, 2026 by steipete. Severity: Moderate
- MCP loopback owner context is derived from server-issued bearer tokens (GHSA-r6xh-pqhr-v4xh). Published Apr 23, 2026 by steipete. Severity: High
- OpenShell FS bridge writes stay pinned to the sandbox mount root (GHSA-wppj-c6mr-83jj). Published Apr 23, 2026 by steipete. Severity: High
- OpenShell FS bridge reads pin and verify the opened file before returning bytes (GHSA-5h3g-6xhh-rg6p). Published Apr 23, 2026 by steipete. Severity: High
- Owner-enforced commands could accept wildcard channel senders as command owners (GHSA-c28g-vh7m-fm7v). Published Apr 22, 2026 by steipete. Severity: Moderate
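The advisory titled "Exec allowlist analysis rejects shell expansion in unquoted heredocs" rests on a piece of POSIX shell semantics worth seeing concretely: the body of a heredoc whose delimiter is unquoted (`<<EOF`) undergoes parameter and command substitution, while quoting the delimiter (`<<'EOF'`) makes the body literal. The script below is an added illustration written for this page, not code from openclaw and not its actual allowlist analyser (which the advisory index does not show). It demonstrates the two behaviours with `cat`, and then applies a deliberately simple, hypothetical check (`has_unquoted_heredoc_expansion`) to two constructed command strings; a production analyser would need a real shell parser rather than the regex used here.

```shell
#!/bin/sh
# Added example for this page; not openclaw code. Shows why an exec
# allowlist must treat unquoted heredoc bodies as executable input.

# Unquoted delimiter: $(...) in the body is run by the shell before cat sees it.
heredoc_unquoted() {
    cat <<EOF
marker: $(echo expanded)
EOF
}

# Quoted delimiter: the body is passed through literally.
heredoc_quoted() {
    cat <<'EOF'
marker: $(echo expanded)
EOF
}

# Hypothetical allowlist check (toy; regex-based, not a shell parser):
# returns 0 when the command text contains a heredoc with an unquoted
# delimiter whose body contains '$' (the marker for expansion or
# command substitution), 1 otherwise. Only handles "<<WORD" and "<<-WORD"
# with no space before the delimiter.
has_unquoted_heredoc_expansion() {
    cmd=$1
    # Delimiter word after '<<' (optionally '<<-'); a quote there does not match.
    delim=$(printf '%s\n' "$cmd" \
        | sed -n 's/.*<<-\{0,1\}\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' \
        | head -n 1)
    [ -n "$delim" ] || return 1
    # Body = lines strictly between the heredoc line and the terminator.
    body=$(printf '%s\n' "$cmd" | awk -v d="$delim" '
        inbody && $0 == d { exit }
        inbody { print }
        !inbody && index($0, "<<") { inbody = 1 }')
    printf '%s\n' "$body" | grep -q '\$'
}

# Constructed sample command texts (not taken from any real advisory).
SAMPLE_UNQUOTED='cat <<EOF
hello $(id)
EOF'
SAMPLE_QUOTED="cat <<'EOF'
hello \$(id)
EOF"

# Stand-alone demonstration.
echo "unquoted heredoc prints: $(heredoc_unquoted)"
echo "quoted heredoc prints:   $(heredoc_quoted)"
for s in "$SAMPLE_UNQUOTED" "$SAMPLE_QUOTED"; do
    if has_unquoted_heredoc_expansion "$s"; then
        echo "REJECT: unquoted heredoc body contains an expansion"
    else
        echo "ok: no unquoted heredoc expansion found"
    fi
done
```

The first `echo` shows `marker: expanded` and the second the literal `marker: $(echo expanded)`, which is the whole point: an allowlist that only inspects the command word (`cat`) and lets the heredoc body through unexamined is letting `$(id)` run. The check here is intentionally narrow; it says nothing about `$((...))`, backticks, or heredocs written as `<< WORD` with a space, all of which a real analyser must also cover.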