SB2026040853 - Multiple vulnerabilities in OpenClaw
Published: April 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Incorrect authorization (CVE-ID: N/A)
The vulnerability allows a remote user to disclose model metadata.
The vulnerability exists due to incorrect authorization in the gateway HTTP /v1/models route when handling authenticated HTTP requests with bearer tokens. A remote user can send a request to /v1/models with a token that lacks operator.read to disclose model metadata.
This issue is a cross-surface authorization inconsistency between the WebSocket RPC interface and the HTTP compatibility interface.
2) Improper privilege management (CVE-ID: N/A)
The vulnerability allows a remote user to modify persistent channel authorization policy.
The vulnerability exists due to improper privilege management in the /allowlist command handler when processing /allowlist add or remove commands through the chat.send gateway method. A remote user can send a specially crafted chat.send request to modify persistent channel authorization policy.
The issue affects internal gateway callers because chat.send creates a command-authorized internal context, allowing an operator.write-scoped client to reach config-backed allowlist writes that are intended to be reserved for operator.admin.
3) Improper access control (CVE-ID: CVE-2026-33581)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in src/infra/outbound/message-action-params.ts and src/infra/outbound/message-action-runner.ts when handling mediaUrl and fileUrl alias parameters. A remote user can supply crafted alias parameters to disclose sensitive information.
Exploitation requires the caller to be constrained to sandbox media roots.
Remediation
Install update from vendor's website.