Publish Advisories

GHSA-2pr2-hcv6-7gwv
GHSA-3cw3-5vxw-g2h3
GHSA-8689-gm9g-jgr6
GHSA-89hr-6x2p-8xjv
GHSA-hc5h-pmr3-3497
GHSA-v2v2-f783-358j

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-2pr2-hcv6-7gwv/GHSA-2pr2-hcv6-7gwv.json

@@ -0,0 +1,76 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2pr2-hcv6-7gwv",
+  "modified": "2026-03-31T23:52:03Z",
+  "published": "2026-03-31T23:52:03Z",
+  "aliases": [
+    "CVE-2026-34503"
+  ],
+  "summary": "OpenClaw's device removal and token revocation do not terminate active WebSocket sessions",
+  "details": "## Summary\n\nRemoving a device or revoking its token updated stored credentials but did not disconnect already-authenticated WebSocket sessions.\n\n## Impact\n\nA revoked device could continue using its existing live session until reconnect, extending access beyond credential removal.\n\n## Affected Component\n\n`src/gateway/server-methods/devices.ts, src/gateway/server.impl.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `7a801cc451` (`Gateway: disconnect revoked device sessions`).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-613"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T23:52:03Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-3cw3-5vxw-g2h3/GHSA-3cw3-5vxw-g2h3.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3cw3-5vxw-g2h3",
+  "modified": "2026-03-31T23:51:04Z",
+  "published": "2026-03-31T23:51:04Z",
+  "aliases": [],
+  "summary": "OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials",
+  "details": "## Summary\n\nRemote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details.\n\n## Impact\n\nA malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway credentials or traffic.\n\n## Affected Component\n\n`src/commands/onboard-remote.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `d6affb17d8` (`CLI: confirm discovered remote gateways before saving config`).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/d6affb17d85f5f5ab08ef9f2b994b257af12e75a"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287",
+      "CWE-862"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T23:51:04Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-8689-gm9g-jgr6/GHSA-8689-gm9g-jgr6.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8689-gm9g-jgr6",
+  "modified": "2026-03-31T23:50:02Z",
+  "published": "2026-03-31T23:50:02Z",
+  "aliases": [],
+  "summary": "OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering",
+  "details": "## Summary\n\nPlivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key.\n\n## Impact\n\nAn attacker who captured one valid signed Plivo V3 webhook could replay the same event by permuting query parameters and trigger duplicate voice-call processing.\n\n## Affected Component\n\n`extensions/voice-call/src/webhook-security.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `85777e726c` (`Voice Call: canonicalize Plivo V3 replay key`).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8689-gm9g-jgr6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/85777e726cb02c01a911b3ff832ddf4d664d5c94"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-294"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T23:50:02Z",
+    "nvd_published_at": null
+  }
+}

…-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.json …-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.jsonadvisories/unreviewed/2026/03/GHSA-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.json renamed to advisories/github-reviewed/2026/03/GHSA-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.json advisories/unreviewed/2026/03/GHSA-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.json renamed to advisories/github-reviewed/2026/03/GHSA-89hr-6x2p-8xjv/GHSA-89hr-6x2p-8xjv.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89hr-6x2p-8xjv",
-  "modified": "2026-03-31T15:31:56Z",
+  "modified": "2026-03-31T23:51:46Z",
   "published": "2026-03-31T15:31:56Z",
-  "aliases": [
-    "CVE-2026-34503"
-  ],
-  "details": "OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.",
+  "withdrawn": "2026-03-31T23:51:46Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw's device removal and token revocation do not terminate active WebSocket sessions",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2pr2-hcv6-7gwv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -41,8 +61,8 @@
       "CWE-613"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T23:51:46Z",
     "nvd_published_at": "2026-03-31T15:16:19Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-hc5h-pmr3-3497/GHSA-hc5h-pmr3-3497.json

@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hc5h-pmr3-3497",
+  "modified": "2026-03-31T23:50:22Z",
+  "published": "2026-03-31T23:50:22Z",
+  "aliases": [],
+  "summary": "OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation",
+  "details": "## Summary\n\nThe `/pair approve` command path called device approval without forwarding caller scopes into the core approval check.\n\n## Impact\n\nA caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access.\n\n## Affected Component\n\n`extensions/device-pair/index.ts, src/infra/device-pairing.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4ee4960de2` (`Pairing: forward caller scopes during approval`).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/4ee4960de2330b5322127f925f3687dc6f105be1"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-31T23:50:22Z",
+    "nvd_published_at": null
+  }
+}