PT-2026-25475 · Npm · Openclaw
Published 2026-03-03 · Updated 2026-03-03
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N |
Summary
Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal (for example ..%2f) in path variants that plugin handlers normalize.
Affected Packages / Versions
- Package: npm openclaw
- Latest published vulnerable version: 2026.2.25
- Vulnerable version range: <= 2026.2.25
- Patched version: 2026.2.26 (planned next release)
Impact
Under affected versions, crafted alternate paths could bypass gateway auth checks for protected plugin channel routes when plugin handlers decode/canonicalize the incoming path and then route to /api/channels/... handlers. In other words, the auth check and the handler's route match are evaluated on different forms of the path: the check sees the raw, still-encoded request path, which does not match the protected prefix, while the handler matches the decoded and normalized form, which does.
Fix Commit(s)
258d615c45527ffda37cecd08cd268f97461bde0
Release Process Note
The patched version is pre-set to the planned next release (2026.2.26). After the npm publish, maintainers only need to publish the advisory.
OpenClaw thanks @zpbrent for reporting.
Fix
Path traversal
Affected products
Openclaw