Skip to content

Commit fa2b0ce

Browse files
1 parent 39d81f3 commit fa2b0ce

8 files changed

Lines changed: 328 additions & 132 deletions

File tree

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-58wc-8wrv-xp9j",
4+
"modified": "2026-06-18T20:14:57Z",
5+
"published": "2026-06-16T21:31:58Z",
6+
"withdrawn": "2026-06-18T20:14:57Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Active Memory write scope could mutate global config",
9+
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-x629-46cc-7xgw. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
{
22+
"package": {
23+
"ecosystem": "npm",
24+
"name": "openclaw"
25+
},
26+
"ranges": [
27+
{
28+
"type": "ECOSYSTEM",
29+
"events": [
30+
{
31+
"introduced": "0"
32+
},
33+
{
34+
"last_affected": "2026.5.5"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53847"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-266"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": true,
61+
"github_reviewed_at": "2026-06-18T20:14:57Z",
62+
"nvd_published_at": "2026-06-16T19:17:01Z"
63+
}
64+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6xcg-6q43-rj2v",
4+
"modified": "2026-06-18T20:13:59Z",
5+
"published": "2026-06-16T21:31:57Z",
6+
"withdrawn": "2026-06-18T20:13:59Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Exported session HTML could keep unsafe markdown links",
9+
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-w9hf-3pp7-pvxv. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
{
22+
"package": {
23+
"ecosystem": "npm",
24+
"name": "openclaw"
25+
},
26+
"ranges": [
27+
{
28+
"type": "ECOSYSTEM",
29+
"events": [
30+
{
31+
"introduced": "0"
32+
},
33+
{
34+
"last_affected": "2026.5.7"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53841"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.vulncheck.com/advisories/openclaw-cross-site-scripting-via-unsafe-markdown-links-in-exported-session-html"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-83"
58+
],
59+
"severity": "LOW",
60+
"github_reviewed": true,
61+
"github_reviewed_at": "2026-06-18T20:13:59Z",
62+
"nvd_published_at": "2026-06-16T19:17:00Z"
63+
}
64+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r7vv-6763-m739",
4+
"modified": "2026-06-18T20:15:49Z",
5+
"published": "2026-06-16T21:31:58Z",
6+
"withdrawn": "2026-06-18T20:15:49Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Skill-command dispatch could skip before-tool-call hooks",
9+
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-68xw-r643-9p5w. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement mechanisms.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
18+
}
19+
],
20+
"affected": [
21+
{
22+
"package": {
23+
"ecosystem": "npm",
24+
"name": "openclaw"
25+
},
26+
"ranges": [
27+
{
28+
"type": "ECOSYSTEM",
29+
"events": [
30+
{
31+
"introduced": "0"
32+
},
33+
{
34+
"last_affected": "2026.5.5"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53845"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.vulncheck.com/advisories/openclaw-skill-command-dispatch-hook-bypass-via-before-tool-call-hook-skipping"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-693"
58+
],
59+
"severity": "LOW",
60+
"github_reviewed": true,
61+
"github_reviewed_at": "2026-06-18T20:15:49Z",
62+
"nvd_published_at": "2026-06-16T19:17:01Z"
63+
}
64+
}
Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w9hf-3pp7-pvxv",
4+
"modified": "2026-06-18T20:14:40Z",
5+
"published": "2026-06-18T20:14:40Z",
6+
"aliases": [
7+
"CVE-2026-53841"
8+
],
9+
"summary": "OpenClaw: Exported session HTML could keep unsafe markdown links",
10+
"details": "### Summary\n\nExported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe `javascript:` or `data:` links in generated HTML.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could run browser-side script if a trusted operator opens the exported file and activates the link. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.12`.\n\n### Mitigations\n\ndo not open exported session HTML from untrusted content in a privileged browser profile until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "openclaw"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2026.5.12"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 2026.5.7"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53841"
49+
},
50+
{
51+
"type": "PACKAGE",
52+
"url": "https://github.com/openclaw/openclaw"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://www.vulncheck.com/advisories/openclaw-cross-site-scripting-via-unsafe-markdown-links-in-exported-session-html"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-79"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": true,
65+
"github_reviewed_at": "2026-06-18T20:14:40Z",
66+
"nvd_published_at": null
67+
}
68+
}
Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-x629-46cc-7xgw",
4+
"modified": "2026-06-18T20:15:20Z",
5+
"published": "2026-06-18T20:15:20Z",
6+
"aliases": [
7+
"CVE-2026-53847"
8+
],
9+
"summary": "OpenClaw: Active Memory write scope could mutate global config",
10+
"details": "### Summary\n\nActive Memory write scope could mutate global config. In affected versions, a Gateway caller with `operator.write` access to the affected command could change global configuration without requiring `operator.admin`.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could apply configuration changes beyond the intended write scope. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.6`.\n\n### Mitigations\n\nlimit Active Memory write access to trusted operators until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "openclaw"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2026.5.6"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 2026.5.5"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53847"
49+
},
50+
{
51+
"type": "PACKAGE",
52+
"url": "https://github.com/openclaw/openclaw"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-266"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": true,
65+
"github_reviewed_at": "2026-06-18T20:15:20Z",
66+
"nvd_published_at": null
67+
}
68+
}

advisories/unreviewed/2026/06/GHSA-58wc-8wrv-xp9j/GHSA-58wc-8wrv-xp9j.json

Lines changed: 0 additions & 44 deletions
This file was deleted.

0 commit comments

Comments
 (0)