Vulnerability-Lookup

WID-SEC-W-2026-0472

Vulnerability from csaf_certbund - Published: 2026-02-22 23:00 - Updated: 2026-03-11 23:00

Summary

OpenClaw: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.

Angriff

Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um beliebigen Programmcode auszuführen, sich erhöhte Berechtigungen zu verschaffen, Daten zu manipulieren, einen Denial-of-Service-Zustand auszulösen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenClaw ist ein pers\u00f6nlicher KI-Assistent zur Ausf\u00fchrung auf eigenen Ger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um beliebigen Programmcode auszuf\u00fchren, sich erh\u00f6hte Berechtigungen zu verschaffen, Daten zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0472 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0472.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0472 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0472"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2mc2-g238-722j"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2prf-9cw7-fq62"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2rgf-hm63-5qph"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cvx-236h-m9fj"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3xfw-4pmr-4xc5"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-45cg-2683-gfmq"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4cqv-h74h-93j4"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4gc7-qcvf-38wg"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5847-rm3g-23mw"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2c-8v84-qpvr"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5mx2-2mgw-x8rm"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5v6x-rfc3-7qfr"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-62f6-mrcj-v8h5"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65rx-fvh6-r4h2"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-74xj-763f-264w"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7fcc-cw49-xm78"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8cp7-rp8r-mg77"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security A)dvisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p38-94jf-hgjj"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cjv3-m589-v3rx"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6h3-846h-2r8w"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8mp-vj46-cq8v"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fg3m-vhrr-8gj6"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gq83-8q7q-9hfx"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hff7-ccv5-52f8"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jj82-76v6-933r"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jjgj-cpp9-cvpv"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jq4x-98m3-ggq6"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwf4-8wf4-jf2m"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mqr9-vqhq-3jxw"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx3g-mvc3-qfjf"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v3j7-34xh-6g3w"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6x2-2qvm-6gv8"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vffc-f7r7-rx2w"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vmqr-rc7x-3446"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w7j5-j98m-w679"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9cg-v44m-4qv8"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wpph-cjgr-7c39"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2g4-7mj7-2hhj"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x9cf-3w63-rpq9"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg"
      },
      {
        "category": "external",
        "summary": "OpenClaw Security Advisories vom 2026-02-22",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcr-v472-8hhr"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenClaw: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-11T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-12T06:11:45.572+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0472",
      "initial_release_date": "2026-02-22T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-22T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-2026-32061, CVE-2026-32062, CVE-2026-32063 erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2026.2.22",
                "product": {
                  "name": "Open Source OpenClaw \u003c2026.2.22",
                  "product_id": "T051067"
                }
              },
              {
                "category": "product_version",
                "name": "2026.2.22",
                "product": {
                  "name": "Open Source OpenClaw 2026.2.22",
                  "product_id": "T051067-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openclaw:openclaw:2026.2.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenClaw"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27158",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-27158"
    },
    {
      "cve": "CVE-2026-27159",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-27159"
    },
    {
      "cve": "CVE-2026-27164",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-27164"
    },
    {
      "cve": "CVE-2026-27165",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-27165"
    },
    {
      "cve": "CVE-2026-27209",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-27209"
    },
    {
      "cve": "CVE-2026-32061",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-32061"
    },
    {
      "cve": "CVE-2026-32062",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-32062"
    },
    {
      "cve": "CVE-2026-32063",
      "product_status": {
        "known_affected": [
          "T051067"
        ]
      },
      "release_date": "2026-02-22T23:00:00.000+00:00",
      "title": "CVE-2026-32063"
    }
  ]
}

CVE-2026-32061 (GCVE-0-2026-32061)

Vulnerability from cvelistv5 – Published: 2026-03-11 13:32 – Updated: 2026-03-11 14:37

Title

OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

Summary

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.

Severity ?

6.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

VulnCheck

References

URL

Tags

	https://github.com/openclaw/openclaw/security/adv…	third-party-advisory
	https://github.com/openclaw/openclaw/commit/d1c00…	issue-tracking
	https://www.vulncheck.com/advisories/openclaw-arb…	third-party-advisory

Impacted products

	Vendor	Product	Version
	openclaw	openclaw	Affected: 0 , < 2026.2.17 (semver) Unaffected: 2026.2.17

Credits

Aether AI (@aether-ai-agent)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32061",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T14:37:21.418861Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T14:37:31.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "openclaw",
          "vendor": "openclaw",
          "versions": [
            {
              "lessThan": "2026.2.17",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.2.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2026.2.17",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:2026.2.17:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Aether AI (@aether-ai-agent)"
        }
      ],
      "datePublic": "2026-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T13:32:34.842Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-56pc-6hvp-4gv4)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4"
        },
        {
          "name": "Patch Commit",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/d1c00dbb7c64a39e205464dae7f2a068420e91c1"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw \u003c 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-include-directive-path-traversal"
        }
      ],
      "title": "OpenClaw \u003c 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-32061",
    "datePublished": "2026-03-11T13:32:34.842Z",
    "dateReserved": "2026-03-10T19:51:58.637Z",
    "dateUpdated": "2026-03-11T14:37:31.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32062 (GCVE-0-2026-32062)

Vulnerability from cvelistv5 – Published: 2026-03-11 13:32 – Updated: 2026-03-11 14:36

Title

OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream

Summary

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

VulnCheck

References

URL

Tags

	https://github.com/openclaw/openclaw/security/adv…	vendor-advisory
	https://github.com/openclaw/openclaw/commit/1d896…	patch
	https://www.vulncheck.com/advisories/openclaw-una…	third-party-advisory

Impacted products

Vendor

Product

Version

openclaw

Affected: 2026.2.21-2 , < 2026.2.22 (semver)
Unaffected: 2026.2.22 (semver)

openclaw

voice-call

Affected: 2026.2.21
Affected: 2026.2.22

Credits

@jiseoung

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T14:36:13.980691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T14:36:20.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "openclaw",
          "vendor": "openclaw",
          "versions": [
            {
              "lessThan": "2026.2.22",
              "status": "affected",
              "version": "2026.2.21-2",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.2.22",
              "versionType": "semver"
            }
          ]
        },
        {
          "packageURL": "pkg:npm/openclaw",
          "product": "voice-call",
          "vendor": "openclaw",
          "versions": [
            {
              "status": "affected",
              "version": "2026.2.21"
            },
            {
              "status": "affected",
              "version": "2026.2.22"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2026.2.22",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:2026.2.22:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "@jiseoung"
        }
      ],
      "datePublic": "2026-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T13:32:35.845Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-mfg5-7q5g-f37j)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j"
        },
        {
          "name": "Patch Commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw 2026.2.21-2 \u003c 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-websocket-resource-exhaustion-via-media-stream"
        }
      ],
      "title": "OpenClaw 2026.2.21-2 \u003c 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-32062",
    "datePublished": "2026-03-11T13:32:35.845Z",
    "dateReserved": "2026-03-10T19:52:01.004Z",
    "dateUpdated": "2026-03-11T14:36:20.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32063 (GCVE-0-2026-32063)

Vulnerability from cvelistv5 – Published: 2026-03-11 13:32 – Updated: 2026-03-11 14:35

Title

OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation

Summary

OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

VulnCheck

References

URL

Tags

	https://github.com/openclaw/openclaw/security/adv…	vendor-advisory
	https://github.com/openclaw/openclaw/commit/61f64…	patch
	https://www.vulncheck.com/advisories/openclaw-com…	third-party-advisory

Impacted products

	Vendor	Product	Version
	openclaw	openclaw	Affected: 2026.2.19-2 , < 2026.2.21 (semver) Unaffected: 2026.2.21

Credits

@tdjackey

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32063",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T14:35:33.498252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T14:35:38.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vffc-f7r7-rx2w"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "openclaw",
          "vendor": "openclaw",
          "versions": [
            {
              "lessThan": "2026.2.21",
              "status": "affected",
              "version": "2026.2.19-2",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.2.21"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2026.2.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:2026.2.21:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "@tdjackey"
        }
      ],
      "datePublic": "2026-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T13:32:36.727Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-vffc-f7r7-rx2w)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vffc-f7r7-rx2w"
        },
        {
          "name": "Patch Commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/61f646c41fb43cd87ed48f9125b4718a30d38e84"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw 2026.2.19-2 \u003c 2026.2.21 - Command Injection via Newline in systemd Unit Generation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-command-injection-via-newline-in-systemd-unit-generation"
        }
      ],
      "title": "OpenClaw 2026.2.19-2 \u003c 2026.2.21 - Command Injection via Newline in systemd Unit Generation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-32063",
    "datePublished": "2026-03-11T13:32:36.727Z",
    "dateReserved": "2026-03-10T19:52:03.795Z",
    "dateUpdated": "2026-03-11T14:35:38.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0472

CVE-2026-32061 (GCVE-0-2026-32061)

CVE-2026-32062 (GCVE-0-2026-32062)

CVE-2026-32063 (GCVE-0-2026-32063)

Tags

Sightings

Nomenclature