SB2026040856 - Multiple vulnerabilities in OpenClaw




Published: April 8, 2026

Security Bulletin ID: SB2026040856
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 19
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 37% (7 of 19); Low: 63% (12 of 19); no High or Critical issues.

Description

This security bulletin contains information about 19 security vulnerabilities.


1) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to bypass DM policy restrictions and send verification notices to unpaired peers.

The vulnerability exists due to incorrect authorization in Matrix verification notices sent in direct messages. A remote user can send a verification notice to a peer outside the allowed DM policy, bypassing DM policy restrictions and reaching unpaired peers.


2) Incorrect Privilege Assignment (CVE-ID: N/A)

The vulnerability allows a remote user to delete sessions beyond their intended authorization scope.

The vulnerability exists due to incorrect privilege assignment in the gateway plugin subagent fallback deleteSession path when no request-scoped client exists. A remote user can trigger session deletion through the fallback path to delete sessions beyond their intended authorization scope.


3) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to terminate sessions they do not own.

The vulnerability exists due to incorrect authorization in the HTTP /sessions/:sessionKey/kill route when handling bearer-authenticated requests. A remote user can send a crafted request to terminate sessions they do not own.

The affected route could reach the admin kill path without binding the action to requester ownership or caller-granted operator scopes.


4) Incorrect Privilege Assignment (CVE-ID: N/A)

The vulnerability allows a remote user to gain operator.admin runtime scope.

The vulnerability exists due to incorrect privilege assignment in gateway-authenticated plugin HTTP routes when creating the runtime scope set. A remote user can invoke a plugin HTTP route through the gateway to gain operator.admin runtime scope.


5) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the HTTP /sessions/:sessionKey/history route when handling authenticated history requests. A remote user can send a request for session history without the required operator.read scope to disclose sensitive information.
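Issues 2 through 5 share one root cause: a bearer-authenticated request reaches a privileged session operation without the action being bound to the requester's ownership of the session or to a scope that was actually granted. The following is an added illustration written for this bulletin, not OpenClaw code. The names Caller, Session, handleSessionRoute and runtimeScopes, the session table and the mapping of actions to scopes are all hypothetical; only the route shapes and scope names come from the bulletin.

```typescript
// Added example, not OpenClaw code: binding /sessions/:sessionKey/{history,kill}
// to the caller's ownership or granted scopes. Caller, Session, handleSessionRoute
// and the action-to-scope mapping are hypothetical.

type Scope = "operator.read" | "operator.write" | "operator.admin";
type Action = "history" | "kill";

interface Caller {
  id: string;                 // identity the bearer token resolved to
  scopes: ReadonlySet<Scope>; // scopes granted to that identity at pairing time
}

interface Session {
  key: string;
  ownerId: string;
}

// Scope that lets a caller act on a session it does NOT own.
const SCOPE_FOR_ACTION: Readonly<Record<Action, Scope>> = {
  history: "operator.read",
  kill: "operator.admin",
};

// Vulnerable shape (issues 3 and 5): a valid bearer token is the only gate, so any
// authenticated caller reaches the admin kill path or reads any session's history.
function authorizeUnbound(caller: Caller | null): boolean {
  return caller !== null;
}

// Hardened shape: the action is bound to requester ownership or an explicit scope.
function authorizeSessionAction(caller: Caller | null, session: Session, action: Action): boolean {
  if (caller === null) return false;                  // unauthenticated
  if (caller.id === session.ownerId) return true;     // requester owns the session
  return caller.scopes.has(SCOPE_FOR_ACTION[action]); // otherwise the granted scope decides
}

// Issue 4 shape: the runtime scope set for a plugin route is derived from what
// was granted, never from a default that includes operator.admin.
function runtimeScopes(granted: Iterable<Scope> | undefined): ReadonlySet<Scope> {
  return new Set<Scope>(granted ?? []); // no grant -> empty set, not admin
}

// Constructed session table for the demo.
const sessions = new Map<string, Session>([
  ["s-alice", { key: "s-alice", ownerId: "alice" }],
  ["s-bob", { key: "s-bob", ownerId: "bob" }],
]);

// Minimal router returning an HTTP status for /sessions/:sessionKey/history and
// /sessions/:sessionKey/kill (method checks omitted; bound=false shows the flaw).
function handleSessionRoute(path: string, caller: Caller | null, bound = true): number {
  const m = /^\/sessions\/([^/]+)\/(history|kill)$/.exec(path);
  if (m === null) return 404;
  const session = sessions.get(m[1]);
  if (session === undefined) return 404;
  const action = m[2] as Action;
  const allowed = bound ? authorizeSessionAction(caller, session, action) : authorizeUnbound(caller);
  return allowed ? 200 : 403;
}

function makeCaller(id: string, ...granted: Scope[]): Caller {
  return { id, scopes: runtimeScopes(granted) };
}

// Demo: bob holds only operator.read and tries to kill alice's session.
console.log(handleSessionRoute("/sessions/s-alice/kill", makeCaller("bob", "operator.read"), false)); // 200 (unbound)
console.log(handleSessionRoute("/sessions/s-alice/kill", makeCaller("bob", "operator.read")));        // 403 (bound)
```

The point of `authorizeSessionAction` is that the decision takes the session and the action as inputs, so there is no code path on which "authenticated" alone is sufficient; `runtimeScopes` shows the companion rule for issue 4, where an absent grant must yield an empty scope set rather than a permissive default.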


6) Improper privilege management (CVE-ID: N/A)

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to improper privilege management in the gateway backend reconnect logic when processing backend-labeled reconnects that request broader scopes. A remote user can reconnect with self-requested elevated scopes to escalate privileges.

The issue allows a non-admin operator scope to self-claim operator.admin by bypassing pairing during reconnect.


7) Resource exhaustion (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the Feishu webhook handler when processing unauthenticated request bodies before signature validation. A remote attacker can send a specially crafted request body to cause a denial of service.


8) Improper Neutralization of Escape, Meta, or Control Sequences (CVE-ID: N/A)

The vulnerability allows a remote attacker to spoof terminal output.

The vulnerability exists due to improper neutralization of escape sequences in ACP CLI approval prompts and permission logs when processing untrusted tool metadata. A remote attacker can supply tool titles containing ANSI control sequences to spoof terminal output.
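Untrusted tool metadata that is written straight into an approval prompt can erase or overwrite what the operator sees with CSI cursor and erase sequences, inject fake hyperlinks through OSC 8, or forge additional prompt lines with carriage returns and newlines. The sanitiser below is an added example written for this bulletin, not OpenClaw code; sanitizeForTerminal and renderApprovalPrompt are hypothetical names, and the bidi-control stripping goes one step beyond the ANSI case the bulletin describes.

```typescript
// Added example, not OpenClaw code: neutralising terminal control sequences in
// untrusted tool metadata before it reaches an approval prompt or permission log.
// sanitizeForTerminal and renderApprovalPrompt are hypothetical names.

// OSC (ESC ] ... BEL | ESC \ ; or the 8-bit C1 form): hyperlinks, title changes, etc.
const OSC_SEQ = /\x1b\][\s\S]*?(?:\x07|\x1b\\)|\x9d[\s\S]*?(?:\x07|\x9c)/g;
// CSI (ESC [ params intermediates final; or 0x9b): cursor movement, erase line, colours.
const CSI_SEQ = /(?:\x1b\[|\x9b)[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]/g;
// Remaining two- or three-byte ESC sequences (ESC ( B, ESC 7, ESC c, unterminated OSC ...).
const ESC_SEQ = /\x1b[\x20-\x2f]*[\x30-\x7e]/g;
// Any leftover C0 control (except \t and \n), DEL, or C1 control byte.
const CONTROL = /[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]/g;
// Unicode bidi controls can reorder what the operator reads (beyond the bulletin's ANSI case).
const BIDI = /[\u202a-\u202e\u2066-\u2069]/g;

interface SanitizeOptions {
  singleLine?: boolean; // collapse \t and \n: a title must not forge extra prompt lines
  maxLength?: number;   // cap so a title cannot flood the prompt off screen
}

function sanitizeForTerminal(input: string, opts: SanitizeOptions = {}): string {
  const singleLine = opts.singleLine ?? true;
  const maxLength = opts.maxLength ?? 120;
  let s = input
    .replace(OSC_SEQ, "")
    .replace(CSI_SEQ, "")
    .replace(ESC_SEQ, "")
    .replace(CONTROL, "")
    .replace(BIDI, "");
  if (singleLine) s = s.replace(/[\t\n]+/g, " ");
  s = s.trim();
  return s.length > maxLength ? s.slice(0, maxLength) + "..." : s;
}

interface ToolMeta {
  title: string;    // attacker-influenced (e.g. from a remote tool server)
  command?: string; // likewise
}

// Vulnerable shape: raw metadata interpolated into the prompt.
function renderApprovalPromptUnsafe(tool: ToolMeta): string {
  return `Allow tool "${tool.title}"? [y/N]`;
}

// Hardened shape: every untrusted field passes through the sanitiser first.
function renderApprovalPrompt(tool: ToolMeta): string {
  const title = sanitizeForTerminal(tool.title);
  const cmd = tool.command === undefined ? "" : ` (${sanitizeForTerminal(tool.command)})`;
  return `Allow tool "${title}"${cmd}? [y/N]`;
}

// Constructed hostile title: erase the line, return to column 1, print a fake verdict.
const hostile: ToolMeta = { title: "Read file\x1b[2K\x1b[1G[approved] rm -rf /" };
console.log(JSON.stringify(renderApprovalPromptUnsafe(hostile))); // escapes survive
console.log(renderApprovalPrompt(hostile));                       // Allow tool "Read file[approved] rm -rf /"? [y/N]
```

The same function belongs in front of the permission log writer: a log line is read back in a terminal too, and a title containing `\r` or `\x1b[2K` can rewrite an earlier entry on screen.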


9) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper access control in the gateway local shared-auth reconnect handling when processing silent local reconnect scope-upgrade requests. A local user can trigger a silent reconnect that auto-approves a scope upgrade to reach node remote code execution.

The issue can silently widen a paired device scope from operator.read to operator.admin without explicit pairing approval.
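Issues 6 and 9 are two faces of the same mistake: on reconnect, the scope set is taken from something the client controls (a "backend" label, a self-requested scope list, or the fact that the reconnect arrived on the local shared-auth path) rather than from the server-side pairing record. The following is an added example written for this bulletin, not OpenClaw code. PairedDevice, ReconnectRequest, reconcileReconnect and approveScopeUpgrade are hypothetical names; the scope names are the bulletin's.

```typescript
// Added example, not OpenClaw code: bounding the scopes a reconnecting client can
// hold to what was approved at pairing. PairedDevice, ReconnectRequest,
// reconcileReconnect and approveScopeUpgrade are hypothetical names.

type Scope = "operator.read" | "operator.write" | "operator.admin";

interface PairedDevice {
  deviceId: string;
  approvedScopes: ReadonlySet<Scope>; // server-side record from an explicit pairing approval
}

interface ReconnectRequest {
  deviceId: string;
  requestedScopes: Scope[]; // client-controlled
  label?: string;           // client-controlled, e.g. "backend"; must carry no authority
  local?: boolean;          // client-controlled hint; a local socket is not an approval
}

interface ReconnectResult {
  granted: ReadonlySet<Scope>;
  denied: Scope[];               // requested beyond the pairing record
  needsPairingApproval: boolean; // true when the client asked for more than it holds
}

// Vulnerable shape (issues 6 and 9): a "backend" label or a local/shared-auth
// reconnect is treated as authority, so the request's own scope list is honoured.
function reconnectTrustingRequest(device: PairedDevice, req: ReconnectRequest): ReconnectResult {
  const elevated = req.label === "backend" || req.local === true;
  const granted = new Set<Scope>(elevated ? req.requestedScopes : [...device.approvedScopes]);
  return { granted, denied: [], needsPairingApproval: false };
}

// Hardened shape: granted = requested intersected with approved. Widening is never
// silent; it is reported so the UI can run the normal pairing-approval flow.
function reconcileReconnect(device: PairedDevice, req: ReconnectRequest): ReconnectResult {
  if (req.deviceId !== device.deviceId) {
    return { granted: new Set<Scope>(), denied: [...req.requestedScopes], needsPairingApproval: true };
  }
  const granted = new Set<Scope>();
  const denied: Scope[] = [];
  for (const s of req.requestedScopes) {
    if (device.approvedScopes.has(s)) granted.add(s);
    else denied.push(s);
  }
  return { granted, denied, needsPairingApproval: denied.length > 0 };
}

// The only way to widen: an explicit operator decision recorded against the device.
function approveScopeUpgrade(device: PairedDevice, scopes: Scope[], operatorApproved: boolean): PairedDevice {
  if (!operatorApproved) return device;
  return { ...device, approvedScopes: new Set<Scope>([...device.approvedScopes, ...scopes]) };
}

// Constructed scenario: device paired with operator.read asks for operator.admin
// on a reconnect it labels "backend".
const demoDevice: PairedDevice = { deviceId: "dev-1", approvedScopes: new Set<Scope>(["operator.read"]) };
const demoRequest: ReconnectRequest = {
  deviceId: "dev-1",
  requestedScopes: ["operator.read", "operator.admin"],
  label: "backend",
};
console.log([...reconnectTrustingRequest(demoDevice, demoRequest).granted]); // [ 'operator.read', 'operator.admin' ]
console.log(reconcileReconnect(demoDevice, demoRequest));                    // granted {read}, denied [admin], needsPairingApproval: true
```

Note that `reconcileReconnect` never reads `label` or `local`: those fields may still be useful for logging or routing, but the moment they influence the scope decision the client can escalate itself.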


10) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to modify session state.

The vulnerability exists due to incorrect authorization in Telegram direct message inline button callback handling when processing callback queries from direct messages. A remote user can send a crafted callback query to modify session state.

The issue occurs because normal direct message pairing requirements are not enforced for these callbacks.


11) Race condition (CVE-ID: N/A)

The vulnerability allows a remote user to bypass the intended shared-secret rate-limit budget.

The vulnerability exists due to a race condition in shared-secret authentication on Tailscale-capable paths when processing concurrent asynchronous authentication attempts. A remote user can send concurrent authentication attempts to bypass the intended shared-secret rate-limit budget.

This issue is scoped to Tailscale-capable paths.


12) Authentication bypass using an alternate path or channel (CVE-ID: N/A)

The vulnerability allows a remote user to reach callback handling without DM pairing.

The vulnerability exists due to authentication bypass using an alternate path or channel in the Feishu raw card send surface when processing legacy callback payloads. A remote user can send a specially crafted raw card command payload to reach callback handling without DM pairing.

Unpaired recipients can reach the legacy callback path.


13) Incorrect authorization (CVE-ID: N/A)

The vulnerability allows a remote user to bypass mention-gating restrictions and enqueue agent-visible system events.

The vulnerability exists due to incorrect authorization in the BlueBubbles group reaction event handling path. A remote user can send a group reaction that is not subjected to the requireMention check, bypassing mention gating and enqueuing agent-visible system events.


14) Authentication bypass using an alternate path or channel (CVE-ID: N/A)

The vulnerability allows a remote user to submit unauthorized session feedback.

The vulnerability exists due to incorrect authorization in Microsoft Teams feedback invoke handling. A remote user can send a feedback invoke through this alternate channel to submit unauthorized session feedback.

The sender allowlist checks applied to the direct message and group flows were not enforced on the feedback invoke path.


15) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: N/A)

The vulnerability allows a remote user to bypass authorization controls.

The vulnerability exists due to reliance on untrusted inputs in a security decision in Google Chat group authorization, which uses mutable space display names for access decisions. A remote user who controls a space's display name can rename it, or choose a name that collides with an allowed space's name, to bypass authorization controls.


16) Improper Restriction of Excessive Authentication Attempts (CVE-ID: N/A)

The vulnerability allows a remote attacker to guess weak webhook passwords.

The vulnerability exists due to improper restriction of excessive authentication attempts in BlueBubbles webhook authentication when handling repeated password guesses. A remote attacker can send repeated authentication attempts to guess weak webhook passwords.


17) Improper Restriction of Excessive Authentication Attempts (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass webhook authentication.

The vulnerability exists due to improper restriction of excessive authentication attempts in the Telegram webhook authentication mechanism when handling repeated webhook secret guesses. A remote attacker can send repeated authentication attempts to bypass webhook authentication.

The issue is exploitable against weak webhook secrets.


18) Improper Restriction of Excessive Authentication Attempts (CVE-ID: N/A)

The vulnerability allows a remote attacker to guess weak webhook tokens.

The vulnerability exists due to improper restriction of excessive authentication attempts in the Synology Chat webhook authentication mechanism when handling repeated invalid token submissions. A remote attacker can submit repeated token guesses to recover weak webhook tokens.
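Issues 16, 17 and 18 lack a per-peer attempt budget on the webhook secret check; issue 11 has one, but the budget is read before an await and consumed after it, so a burst of concurrent attempts all see the same unspent budget. The following is an added example written for this bulletin, not OpenClaw code, that shows both shapes side by side. attemptRacy, attemptReserving and burst are hypothetical names, and the setImmediate stands in for whatever asynchronous work (an identity lookup, a store read) sits on the real authentication path.

```typescript
// Added example, not OpenClaw code: a shared-secret check whose per-peer attempt
// budget is consumed only after an await (issue 11) next to one that reserves the
// budget before suspending; the per-peer budget itself is what issues 16 to 18 lack.
// attemptRacy, attemptReserving and burst are hypothetical names.
import { createHash, timingSafeEqual } from "node:crypto";

const MAX_ATTEMPTS = 3;                          // failed attempts allowed per peer per window
const attemptsLeft = new Map<string, number>();  // a real limiter also expires entries per window

function budgetOf(peer: string): number {
  return attemptsLeft.get(peer) ?? MAX_ATTEMPTS;
}

// Constant-time comparison over fixed-length digests so secret length leaks nothing.
// The setImmediate models asynchronous work on the auth path (the suspension point).
async function secretsMatch(presented: string, expected: string): Promise<boolean> {
  await new Promise<void>((resolve) => setImmediate(resolve));
  const a = createHash("sha256").update(presented, "utf8").digest();
  const b = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(a, b);
}

type Outcome = "ok" | "bad-secret" | "rate-limited";

// VULNERABLE: check, then await, then consume. Every concurrent caller reads the
// same budget before any of them decrements it.
function attemptRacy(peer: string, presented: string, expected: string): Promise<Outcome> {
  if (budgetOf(peer) <= 0) return Promise.resolve("rate-limited");
  return secretsMatch(presented, expected).then((ok) => {
    if (!ok) attemptsLeft.set(peer, budgetOf(peer) - 1); // consumed after the suspension point
    return ok ? "ok" : "bad-secret";
  });
}

// FIXED: reserve one attempt synchronously, with no await between read and write,
// so the budget is already spent when the next caller looks.
function attemptReserving(peer: string, presented: string, expected: string): Promise<Outcome> {
  const left = budgetOf(peer);
  if (left <= 0) return Promise.resolve("rate-limited");
  attemptsLeft.set(peer, left - 1);
  return secretsMatch(presented, expected).then((ok) => {
    if (ok) attemptsLeft.set(peer, MAX_ATTEMPTS); // a success resets the window
    return ok ? "ok" : "bad-secret";
  });
}

type Attempt = (peer: string, presented: string, expected: string) => Promise<Outcome>;

// Fire n concurrent wrong guesses and report what is observable before any resolve.
function burst(attempt: Attempt, peer: string, n: number): { pending: Promise<Outcome>[]; budgetAfterStart: number } {
  attemptsLeft.delete(peer);
  const pending = Array.from({ length: n }, () => attempt(peer, "wrong-guess", "s3cret"));
  return { pending, budgetAfterStart: budgetOf(peer) };
}

async function demo(): Promise<void> {
  for (const [name, attempt] of [["racy", attemptRacy], ["reserving", attemptReserving]] as const) {
    const b = burst(attempt, `peer-${name}`, 10);
    const outcomes = await Promise.all(b.pending);
    const limited = outcomes.filter((o) => o === "rate-limited").length;
    console.log(`${name}: budget right after start=${b.budgetAfterStart}, rate-limited=${limited}/10`);
    // racy: budget right after start=3, rate-limited=0/10
    // reserving: budget right after start=0, rate-limited=7/10
  }
}
void demo();
```

Two details carry over to a real deployment: the reservation must be atomic with respect to the store that holds the budget (a single-process Map is trivially so; a shared store needs an atomic decrement), and failures should cost the caller something even when the compare is fast, otherwise the window only slows an attacker who was already slow.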


19) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

The vulnerability allows a remote user to perform server-side request forgery.

The vulnerability exists due to server-side request forgery in multiple channel extensions when processing configured base URLs for outbound requests. A remote user can configure a crafted base URL to perform server-side request forgery.

The issue is an incomplete fix for a previous SSRF vulnerability.
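The bulletin gives no detail on what the earlier fix missed, so the following is a general illustration of the checks a base-URL validator needs, written for this bulletin as an added example and not OpenClaw code. validateBaseUrl and the block list are hypothetical choices. Two points it demonstrates: the WHATWG URL parser normalises shorthand IPv4 forms such as a bare decimal, so a check on the parsed hostname catches them, and a literal-IP check on its own does not stop DNS rebinding, which has to be handled by re-checking the resolved address at connect time.

```typescript
// Added example, not OpenClaw code: validating an operator-configured base URL
// before it is used for outbound channel requests. validateBaseUrl and the block
// list are hypothetical. Literal-IP checks do not replace pinning the resolved
// address at connect time (DNS rebinding).
import { isIP } from "node:net";

type Verdict = { ok: true; origin: string } | { ok: false; reason: string };

// CIDR blocks an outbound channel client should never be pointed at.
const BLOCKED_V4: ReadonlyArray<[string, number]> = [
  ["0.0.0.0", 8],      // "this" network
  ["10.0.0.0", 8],     // RFC 1918
  ["100.64.0.0", 10],  // CGNAT, also the Tailscale address range
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local, cloud metadata endpoints
  ["172.16.0.0", 12],  // RFC 1918
  ["192.168.0.0", 16], // RFC 1918
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function blockedV4(ip: string): boolean {
  const n = v4ToInt(ip);
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

function blockedV6(host: string): boolean {
  const h = host.toLowerCase();
  if (h === "::" || h === "::1") return true;        // unspecified, loopback
  if (/^f[cd][0-9a-f]{2}:/.test(h)) return true;     // fc00::/7 unique local
  if (/^fe[89ab][0-9a-f]:/.test(h)) return true;     // fe80::/10 link-local
  const mapped = /^::ffff:(.+)$/.exec(h);            // IPv4-mapped: check the embedded v4
  if (mapped !== null) {
    const tail = mapped[1];
    if (isIP(tail) === 4) return blockedV4(tail);
    const groups = tail.split(":");
    if (groups.length === 2) {
      const n = ((parseInt(groups[0], 16) << 16) | parseInt(groups[1], 16)) >>> 0;
      return blockedV4([n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join("."));
    }
  }
  return false;
}

function validateBaseUrl(raw: string): Verdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username !== "" || url.password !== "") return { ok: false, reason: "credentials in URL" };
  // WHATWG parsing has already normalised forms such as 2130706433 or 0x7f000001 to dotted quads.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "") return { ok: false, reason: "empty host" };
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "localhost" };
  const family = isIP(host);
  if (family === 4 && blockedV4(host)) return { ok: false, reason: `blocked IPv4 literal ${host}` };
  if (family === 6 && blockedV6(host)) return { ok: false, reason: `blocked IPv6 literal ${host}` };
  return { ok: true, origin: url.origin };
}

// Constructed inputs an operator (or a compromised config) might supply.
for (const candidate of [
  "https://open.feishu.cn/open-apis",
  "https://169.254.169.254/latest/meta-data/",
  "https://2130706433/",
  "https://[::ffff:7f00:1]/",
  "http://api.example.com/",
]) {
  console.log(candidate, "->", JSON.stringify(validateBaseUrl(candidate)));
}
```

Returning `url.origin` rather than the raw string is deliberate: the caller should build outbound requests from the validated origin plus fixed paths, so a trailing path or query in the configured value cannot redirect the request to a different resource on the same host.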


Remediation

Install the update from the vendor's website.
