Smaeljaish771

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.21 through 2026.4.9 **Description** An authentication bypass exists in the sandbox noVNC helper route, which exposes interactive browser session credentials. This allows attackers to access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session. **Recommendations** Update to version 2026.4.10.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.22 **Description** An access control bypass exists in the `allowProfiles` feature. This flaw allows remote attackers to circumvent profile restrictions by utilizing persistent profile mutation and runtime profile selection. Exploitation occurs by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls. **Recommendations** Update to version 2026.3.22.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** An authentication boundary issue exists where the Telegram legacy allowFrom migration incorrectly propagates trust from the default account to all named accounts. This trust propagation allows attackers to bypass authentication controls and gain unauthorized access to named accounts. **Recommendations** Update to version 2026.3.31.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.8 **Description** An issue in Playwright redirect handling allows attackers to bypass strict Server-Side Request Forgery (SSRF) checks. By exploiting request-time navigation, attackers can reach private targets that are intended to be restricted by browser SSRF protections. SSRF is a flaw where an attacker can force a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. **Recommendations** Update to version 2026.4.8.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.8 **Description** A privilege escalation issue exists in the gateway plugin HTTP authentication mechanism. This flaw allows identity-bearing `operator.read` requests to be widened into runtime `operator.write` permissions. An attacker can exploit this by sending read-scoped requests through the gateway auth route to obtain unauthorized write access to runtime operations. **Recommendations** Update to version 2026.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.2 **Description** The software fails to normalize trailing-dot localhost hosts in remote CDP (Chrome DevTools Protocol) discovery responses. This allows the bypass of loopback protections, enabling attackers to craft hostile discovery responses returning `localhost.` to retarget authenticated browser control toward localhost endpoints and expose browser state. **Recommendations** Update to version 2026.4.2.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.3.22 through 2026.3.30 **Description** A signature verification bypass exists in the Nostr DM ingress path, allowing pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts. This can lead to the consumption of shared pairing capacity and trigger bounded relay and logging work on the Nostr channel. This issue does not grant message decryption, pairing approval, or broader authorization bypass. **Recommendations** Update to version 2026.3.31 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.26 through 2026.3.30 **Description** The software enforces pending pairing-request caps per channel file rather than per account. This allows remote attackers to submit pairing requests from multiple accounts to exhaust the shared pending window, blocking new pairing challenges on other accounts and resulting in a denial of service. **Recommendations** Update to version 2026.3.31.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** A configuration management issue exists where startup migration treats empty-array settings as missing values. This allows attackers to restart the application to rehydrate revoked Tlon configuration from file state, which bypasses intended revocation controls. **Recommendations** Update to version 2026.3.31.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** When `allowRemoteViewer` is disabled, the diffs viewer misclassifies proxied remote requests as loopback connections. This allows attackers to bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic, granting unauthorized access by circumventing remote viewer restrictions. **Recommendations** Update to version 2026.3.31.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** A scope bypass exists in the webhook replay cache deduplication process. Authenticated attackers can exploit overly broad cache keying to replay messages across sibling targets using the same `messageId`, allowing duplicate webhook messages to be delivered to unintended targets. **Recommendations** Update to version 2026.3.31.

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.23 Description OpenClaw contains a replay identity issue in Plivo V2 signature verification. This allows attackers to bypass replay protection by modifying query parameters. The verification process generates replay keys from the complete URL, including query strings, rather than a standardized base URL. This enables attackers to create new, verified request keys by making unsigned changes to query parameters in signed requests. Recommendations Update to version 2026.3.23 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.23 **Description** OpenClaw contains an insufficient access control issue in the Gateway agent. The `/reset` endpoint allows callers with `operator.write` permission to reset admin sessions. Attackers with `operator.write` privileges can invoke `/reset` or `/new` messages with an explicit `sessionKey` to bypass `operator.admin` requirements and reset arbitrary sessions. The vulnerable code resides in `src/gateway/server-methods/agent.ts` within the `performGatewaySessionReset()` function. **Recommendations** Update to version 2026.3.23 or later.

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.23 Description OpenClaw contains an authentication bypass in the Canvas gateway. The `authorizeCanvasRequest()` function unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. This allows attackers to send unauthenticated HTTP and WebSocket requests to Canvas routes, bypassing authentication and gaining unauthorized access. Recommendations Update to version 2026.3.23 or later.