CVE Vulnerabilities - 3 March 2026

282 vulnerabilities published on 3 March 2026

OpenClaw Plugin Auth Bypass in API Channels Route
GHSA-v865-p3gq-hw6m
Summary (updated March 2, 2026): Encoded alternate-path requests could bypass plugin route auth checks for `/api/channels/*` due to canonicalizatio...
6.9
OpenClaw's Webhook Handler Allows Unauthenticated DDoS
GHSA-x4vp-4235-65hg
Impact: OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on ...
6.9
OpenClaw: Malicious Binary Can Be Executed in Trusted Path
GHSA-qhrr-grqp-6x2g
Summary: In `openclaw` allowlist mode, `tools.exec.safeBins` trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in...
6.9
OpenClaw's sandbox browser lacks authentication for noVNC observer sessions
GHSA-25gx-x37c-7pph
The sandbox browser entrypoint launched `x11vnc` without authentication (`-nopw`) for noVNC observer sessions. OpenClaw-managed runtime flow publishe...
6.9
OpenClaw's shell-execution bypass in allowlist mode
GHSA-ccg8-46r6-9qgj
Summary: A wrapper-depth parsing mismatch in `system.run` allowed nested transparent dispatch wrappers (for example repeated `/usr/bin/env`) to sup...
6.9
Twilio webhook replay could trigger duplicate voice-call actions in OpenClaw
GHSA-vqx8-9xxw-f2m7
Impact: Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event...
6.9
OpenClaw: Tokenless Auth Bypass in HTTP Routes on Trusted Networks
GHSA-hff7-ccv5-52f8
Summary: When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trus...
6.9
OpenClaw allows attackers to write files outside its temp directory
GHSA-vj3g-5px3-gr46
Summary: OpenClaw's Feishu media download flow used untrusted Feishu media keys (`imageKey` / `fileKey`) when building temporary file paths in `ext...
6.9
Google Chrome in OpenClaw: Without Sandbox Protection
GHSA-43x4-g22p-3hrq
Summary: Sandbox browser container launched Chromium with `--no-sandbox` by default, disabling Chromium's OS-level sandbox protections. Affected...
6.9
OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants
GHSA-5847-rm3g-23mw
Vulnerability: The hook authentication throttle keyed failed attempts by raw socket `remoteAddress` text. IPv4 and IPv4-mapped IPv6 forms of the s...
6.9
OpenClaw: Malicious Code May Access Unauthorized Files in Sandbox
GHSA-h9xm-j4qg-fvpg
Summary: In some opt-in sandbox configurations, the experimental `apply_patch` tool did not consistently apply workspace-only checks to mounted...
6.8
Rancher Backup Operator exposes S3 credentials in logs
CVE-2025-62879 GHSA-wj3p-5h3x-c74q
Impact: A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both `accessKey` and `secret...
6.8
Rancher: Weave CNI password missing when creating cluster from RKE template
GHSA-vrph-m5jj-c46c CVE-2022-21951
Impact: This vulnerability only affects customers using [Weave](https://rancher.com/docs/rancher/v2.6/en/faq/networking/cni-providers/#weave) CNI ...
6.8
OpenClaw 2026.3.1 Node System Run Approval Bypass
GHSA-h3rm-6x7g-882f
Summary: In `openclaw@2026.3.1`, node `system.run` approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. ...
6.7
OpenClaw macOS Path Execution Allows Unapproved Commands
GHSA-9p38-94jf-hgjj
Summary: In OpenClaw's macOS node-host path, `system.run` allowlist parsing in `security=allowlist` mode failed to reject command substitution toke...
6.6
OpenClaw Allows Malicious Code Execution via Shell Wrapper
GHSA-2fgq-7j6h-9rm4
Summary: `system.run` allowed `SHELLOPTS` + `PS4` environment injection to trigger command substitution during `bash -lc` xtrace expansion before t...
6.6
OpenClaw Discord Allowlist Bypass on Unstable User Tags
GHSA-4cqv-h74h-93j4
OpenClaw supports Discord allowlists using either user IDs or names/tags. Name/tag matching depends on slug normalization, so different user tags can ...
6.5
OpenClaw browser vulnerability allows file access by authenticated users
GHSA-45cg-2683-gfmq
Impact: `assertBrowserNavigationAllowed()` validated only `http:`/`https:` network targets but implicitly allowed other schemes. An authenticated g...
6.5
Craft CMS: Attacker Can Fake Entry Authorship
CVE-2026-28781 GHSA-2xfc-g69j-x2mp
Description: The entry creation process allows for mass assignment of the `authorId` attribute. A user with "Create Entries" permission can inje...
5.7
IBM webMethods API Gateway allows unauthorized file access
CVE-2026-2606
IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix32, 10.15 to 10.15_Fix27, 11.1 to 11.1_Fix7, and IBM webMethods API Management (on-prem) fail to p...
6.5
Weintek cMT-3072XH2 easyweb v2.1.53: Unauthorized access to HMI system
CVE-2024-55025
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI sys...
6.5
LatePoint WordPress Plugin Allows Attackers to Access Your Database
CVE-2026-1487
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all ver...
6.5
OpenClaw: External Helper Can Bypass Safe-Bin Approval
GHSA-vmqr-rc7x-3446
When `sort` is explicitly added to `tools.exec.safeBins` (non-default), the `--compress-program` option can invoke an external helper and bypass the i...
6.4
OpenClaw opens some routes to unauthorized access in mixed-trust setups
GHSA-cjv3-m589-v3rx
Summary: This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallb...
6.3
OpenClaw incorrectly handles proxy headers, enabling IP spoofing
GHSA-2rgf-hm63-5qph
Summary: OpenClaw used left-most `X-Forwarded-For` values when requests came from configured trusted proxies. In proxy chains that append/preserve...
6.3