Zhijie Zhang

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to commit 8aceaf5 Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in shell-bleed protection. This allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the `validateScriptFileForShellBleed()` validation checks and execute arbitrary script content that would otherwise be blocked. Recommendations Update OpenClaw to commit 8aceaf5 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions through 2026.3.23 **Description** The software contains a path traversal issue in media parsing. This allows attackers to read arbitrary files by bypassing path validation in the `isLikelyLocalPath()` and `isValidMedia()` functions. The incomplete validation and the `allowBareFilename` bypass enable attackers to reference files outside the intended application sandbox, potentially disclosing sensitive information such as system files, environment files, and SSH keys. **Recommendations** Update to a version after commit 4797bbc to resolve the issue.

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to commit b57b680 Description OpenClaw is susceptible to an approval bypass due to inconsistent environment variable normalization between approval and execution processes. This allows attackers to inject attacker-controlled environment variables into execution without validation by the approval system. The differing normalization logic discards non-portable keys during approval but accepts them during execution, bypassing operator review and potentially enabling the execution of attacker-controlled binaries. Recommendations Update OpenClaw to commit b57b680 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.21 OpenClaw versions 2026.2.19 and earlier **Description** OpenClaw fails to filter dangerous process-control environment variables from configuration environment variables, allowing for startup-time code execution. Attackers can inject variables such as `NODE OPTIONS` or `LD *` through configuration to execute arbitrary code within the OpenClaw gateway service runtime context. The issue stems from the `collectConfigEnvVars()` function accepting unfiltered keys from configuration, which are then merged into the daemon install environment via `buildGatewayInstallPlan()`. Prior to the fix, startup-control variables were not blocked in this process. **Recommendations** OpenClaw versions prior to 2026.2.21 should be updated to version 2026.2.21 or later.

**Name of the Vulnerable Software and Affected Versions** Xpdf versions 4.05 and earlier **Description** A PDF object loop in an object stream leads to infinite recursion and a stack overflow. **Recommendations** For Xpdf versions 4.05 and earlier, update to a version later than 4.05 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.