Peyton Kennedy

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.14 **Description** OpenClaw versions before 2026.2.14 contain a path traversal flaw in the `apply patch` function. Attackers can exploit crafted paths, including directory traversal sequences or absolute paths, to escape workspace boundaries and modify arbitrary files when `apply patch` is enabled without filesystem sandbox containment. The `apply patch` function's path resolution does not enforce workspace containment, allowing inputs like `../../...` or absolute paths to bypass the working directory in non-sandboxed mode. The impact depends on deployment and who can trigger tool execution, being most relevant when tool invocation is exposed to less-trusted callers or when workspace-only containment is expected. **Recommendations** Versions prior to 2026.2.14: Keep `tools.exec.applyPatch.enabled` disabled if `apply patch` is not needed. Versions prior to 2026.2.14: Keep `tools.exec.applyPatch.workspaceOnly` set to its secure default of `true`. Versions prior to 2026.2.14: Restrict who can trigger tool execution and which tools are allowlisted.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.14 **Description** The optional Tlon (Urbit) extension does not properly validate user-provided base URLs for authentication, leading to a server-side request forgery (SSRF). This allows attackers who can influence the configured Urbit URL to make HTTP requests to arbitrary hosts, including internal addresses. This impacts deployments that have installed and configured the Tlon (Urbit) extension and where an attacker can influence the configured Urbit URL. Deployments that do not use the Tlon extension, or where untrusted users cannot change the Urbit URL, are not impacted. The gateway could be induced to make HTTP requests to attacker-chosen hosts. **Recommendations** Versions prior to 2026.2.14 should be updated to version 2026.2.14 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.14 **Description** The software contains a webhook signature-verification bypass in the voice-call extension. This allows unauthenticated requests when the `tunnel.allowNgrokFreeTierLoopbackBypass` option is enabled. An external attacker can send forged requests to the publicly reachable webhook endpoint without a valid `X-Twilio-Signature` header, resulting in unauthorized webhook event handling and potential request flooding attacks. The issue is limited to configurations where the voice-call extension is enabled and the `tunnel.allowNgrokFreeTierLoopbackBypass` option is explicitly enabled, making the webhook reachable. **Recommendations** Update to version 2026.2.14 or later.

**Name of the Vulnerable Software and Affected Versions** GT Edge AI Platform versions prior to 2.0.10-dev **Description** An access control issue exists in the `/api/v1/conversations/*/messages` API of GT Edge AI Platform. This allows unauthorized access to message history with AI agents belonging to other users. The `conversations` and `messages` variables within the API endpoint are involved in this issue. **Recommendations** Update to version 2.0.10-dev or later.

**Name of the Vulnerable Software and Affected Versions** GT Edge AI Platform versions prior to 2.0.10-dev **Description** The /api/v1/agents API in GT Edge AI Platform has insecure permissions, potentially allowing unauthorized access to sensitive information. The API endpoint ''/api/v1/agents'' is affected. **Recommendations** Update GT Edge AI Platform to version 2.0.10-dev or later.

**Name of the Vulnerable Software and Affected Versions** GT Edge AI Platform versions prior to 2.0.10 **Description** An access control issue exists in the `/api/v1/conversations/*/files` API of GT Edge AI Platform. This allows unauthorized access to files uploaded by other users. The vulnerable parameter is the file identifier within the API endpoint. **Recommendations** Update GT Edge AI Platform to version 2.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** GT Edge AI Platform versions prior to 2.0.10-dev **Description** An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for code execution through manipulation of the input provided to the application. **Recommendations** Update GT Edge AI Platform to version 2.0.10-dev or later.