Adam55A-Code

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.17 and below **Description** OpenClaw is a personal AI assistant. The cron webhook delivery in `src/gateway/server-cron.ts` uses the `fetch()` function directly, allowing webhook targets to access private, metadata, and internal endpoints without Server-Side Request Forgery (SSRF) policy checks. This could potentially allow unauthorized access to internal resources. Server-Side Request Forgery (SSRF) is a web security flaw that allows an attacker to cause the server to make HTTP requests to an arbitrary domain of the attacker's choosing. **Recommendations** Versions prior to 2026.2.19 are affected. Update OpenClaw to version 2026.2.19 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.15 **Description** A stored Cross-Site Scripting (XSS) issue exists in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `<script>` tag without proper escaping. A crafted value containing `</script>` could allow an attacker to break out of the script tag and execute arbitrary JavaScript in the Control UI origin. The issue stemmed from directly injecting `assistantName` and `assistantAvatar` into an inline `<script>` block using `JSON.stringify(...)`, which does not prevent the `</script>` sequence from terminating the script element. An attacker with the ability to set assistant identity values could potentially steal tokens or sessions and perform privileged actions in the UI. **Recommendations** Versions prior to 2026.2.15 should be updated to version 2026.2.15 or later. This update removes inline script injection, serves bootstrap configuration from a JSON endpoint, and adds a restrictive Content Security Policy for the Control UI (`script-src 'self'`, no inline scripts).

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.15 **Description** A flaw exists in the `download` skill installation process of OpenClaw, specifically before version 2026.2.15. Insufficient validation of `targetDir` values within skill frontmatter allowed for potential file writing outside the intended installation sandbox during the admin-only `skills.install` flow. This could occur when the `targetDir` value was not strictly validated. **Recommendations** Update to OpenClaw version 2026.2.15 or later.