SB2026040839 - Multiple vulnerabilities in OpenClaw



Published: April 8, 2026

Security Bulletin ID: SB2026040839
Severity: High
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 25%
Medium: 75%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: CVE-2026-32975)

The vulnerability allows a remote attacker to bypass channel authorization.

The vulnerability exists due to reliance on untrusted inputs in a security decision in Zalouser allowlist authorization when matching group identifiers for group routing. A remote attacker can reuse the display name of an allowlisted group to bypass channel authorization.

This issue occurs in deployments that use name-based channels.zalouser.groups entries together with permissive sender allowlists.
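The name-versus-identifier mismatch behind this item, shown as an added JavaScript example that is not OpenClaw code: the configuration shape, the knownGroups directory and the groupId/groupName message fields are constructed for illustration. Routing on a mutable display name lets any group with the same name inherit the configured agent; resolving names to stable IDs at load time and matching on the ID closes that path.

```javascript
// Constructed configuration: group entries keyed by display name, with a
// permissive sender allowlist (the combination the bulletin describes).
const config = {
  channels: {
    zalouser: {
      groups: { "Ops Team": { agent: "ops-agent" } },
      allowFrom: ["*"],
    },
  },
};

// Constructed trusted directory of groups the bot belongs to: id -> display name.
const knownGroups = new Map([["g-1001", "Ops Team"]]);

// Vulnerable routing (the pattern described in the bulletin): the incoming
// group's display name is looked up directly in the configured entries.
function routeByName(msg, cfg) {
  const entry = cfg.channels.zalouser.groups[msg.groupName];
  return entry ? entry.agent : null;
}

// Hardened routing, step 1: resolve each configured name to exactly one
// stable group ID from the trusted directory, refusing ambiguous or unknown names.
function buildIdRoutes(cfg, directory) {
  const routes = new Map();
  for (const [name, entry] of Object.entries(cfg.channels.zalouser.groups)) {
    const ids = [...directory].filter(([, n]) => n === name).map(([id]) => id);
    if (ids.length !== 1) {
      throw new Error(`group "${name}" is ambiguous or unknown; configure its ID`);
    }
    routes.set(ids[0], entry.agent);
  }
  return routes;
}

// Hardened routing, step 2: match incoming messages on the group ID only.
function routeById(msg, routes) {
  return routes.get(msg.groupId) ?? null;
}
```
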


2) Information disclosure (CVE-ID: CVE-2026-33575)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to exposure of sensitive information in pairing setup codes generated by /pair and openclaw qr when embedding setup payloads. A remote attacker can obtain a leaked setup code to disclose sensitive information.

Leaked codes may be exposed through chat history, logs, screenshots, or copied QR payloads.


3) Improper privilege management (CVE-ID: CVE-2026-22172)

The vulnerability allows a remote user to perform admin-only gateway operations.

The vulnerability exists due to improper privilege management in the gateway WebSocket connect path when handling shared-authenticated backend connections. A remote user can present elevated scopes to perform admin-only gateway operations.

This issue affects certain device-less shared-token or password-authenticated backend connections where client-declared scopes were kept without server-side binding, including scopes not tied to a device identity or an explicitly trusted Control UI path.


4) Inclusion of Functionality from Untrusted Control Sphere (CVE-ID: CVE-2026-32920)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to inclusion of functionality from an untrusted control sphere in workspace plugin auto-discovery and loading from .openclaw/extensions/ when opening or running OpenClaw in a cloned repository. A remote attacker can include a crafted workspace plugin in a repository to execute arbitrary code.

User interaction is required to run OpenClaw from the cloned directory.


5) Improper Authorization (CVE-ID: CVE-2026-32914)

The vulnerability allows a remote user to read or modify privileged configuration information.

The vulnerability exists due to improper authorization in /config and /debug command handlers when handling command requests from command-authorized non-owners. A remote user can send command requests to access owner-only configuration and debugging surfaces to read or modify privileged configuration information.

The issue affects lower-trust senders that are permitted to run commands but are not owners.


6) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2026-34505)

The vulnerability allows a remote attacker to forge Zalo webhook traffic.

The vulnerability exists due to improper restriction of excessive authentication attempts in the Zalo webhook handler when processing webhook requests with invalid secrets. A remote attacker can repeatedly guess the webhook secret to forge Zalo webhook traffic.

Requests with an invalid secret returned 401 responses but did not count against the rate limiter, so repeated guesses would not trigger 429 responses.


7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-32974)

The vulnerability allows a remote attacker to inject forged Feishu events and impersonate senders.

The vulnerability exists due to improper verification of cryptographic signature in the Feishu webhook endpoint when handling inbound Feishu events with only `verificationToken` configured. A remote attacker can send forged webhook events to inject forged Feishu events and impersonate senders.

Potential downstream tool execution is subject to the local agent policy.


8) Incorrect authorization (CVE-ID: CVE-2026-32924)

The vulnerability allows a remote attacker to bypass authorization and mention gating for reaction-derived events in group chats.

The vulnerability exists due to incorrect authorization handling in Feishu reaction event processing when handling synthetic reaction events with an omitted chat_type field. A remote attacker can send a crafted reaction-originated event to bypass authorization and mention gating for reaction-derived events in group chats.

The issue occurs because a group conversation can be misclassified as a direct message during authorization evaluation.
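The misclassification described here, as an added JavaScript example that is not OpenClaw code: the policy object, the operator_id and mentions_bot fields, and the "p2p" value for a direct message are assumptions made for illustration. Treating an absent chat_type as a direct message skips the group-only checks; the hardened classifier accepts a direct message only when stated explicitly and fails closed to the stricter group rules otherwise.

```javascript
// Constructed policy: in group chats only allowlisted operators may trigger the
// bot, and the bot must be mentioned.
const policy = { groupAllowFrom: ["ou_alice"], requireMention: true };

// Vulnerable classification (the pattern described in the bulletin): anything
// not explicitly marked as a group is treated as a direct message, so a
// synthetic reaction event with chat_type omitted bypasses the group checks.
function classifyVulnerable(event) {
  return event.chat_type === "group" ? "group" : "dm";
}

// Hardened classification: a direct message must be stated explicitly
// ("p2p" is the assumed value); missing or unrecognised values fail closed.
function classifyHardened(event) {
  if (event.chat_type === "p2p") return "dm";
  return "group";
}

// Authorization for a reaction-derived event, parameterised on the classifier
// so the two behaviours can be compared on the same input.
function authorizeReaction(event, classify) {
  if (classify(event) === "dm") {
    return { allowed: true, reason: "direct message" };
  }
  if (!policy.groupAllowFrom.includes(event.operator_id)) {
    return { allowed: false, reason: "operator not allowlisted for groups" };
  }
  if (policy.requireMention && !event.mentions_bot) {
    return { allowed: false, reason: "bot not mentioned" };
  }
  return { allowed: true, reason: "group checks passed" };
}

// Constructed synthetic reaction event from a non-allowlisted operator in a
// group chat, with chat_type absent.
const syntheticReaction = { operator_id: "ou_mallory", message_id: "om_1", mentions_bot: false };
```
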


Remediation

Install update from vendor's website.