Anshuman Bhartiya

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.26 **Description** An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related memory context to child models by spawning child sessions from sandboxed parents. **Recommendations** Update to version 2026.4.26.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.5.2 **Description** An issue in message.action forwarding allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata. **Recommendations** Update to version 2026.5.2.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.29 **Description** An authorization bypass exists in the QQBot streaming command. This issue allows authenticated senders to modify configuration settings without explicit `allowFrom` restrictions. Attackers can bypass intended admin policies by accessing the affected command when no non-wildcard allowlist entry requirements are present. **Recommendations** Update to version 2026.4.29 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.12 **Description** An improper authorization issue exists in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. This logic flaw allows attackers to resolve pending approvals without proper authorization, provided they possess an approval id. **Recommendations** Update to version 2026.4.12 or newer.