Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0510052f3890 · 2026-04-17T21:57:44.000Z
GHSA-49cg-279w-m73x GHSA-7g8c-cfr3-vqqr GHSA-7wv4-cc7p-jhxc GHSA-c9h3-5p7r-mrjh
diff --git a/advisories/github-reviewed/2026/04/GHSA-49cg-279w-m73x/GHSA-49cg-279w-m73x.json b/advisories/github-reviewed/2026/04/GHSA-49cg-279w-m73x/GHSA-49cg-279w-m73x.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49cg-279w-m73x",
+  "modified": "2026-04-17T21:55:54Z",
+  "published": "2026-04-17T21:55:54Z",
+  "aliases": [],
+  "summary": "OpenClaw: Empty approver lists could grant explicit approval authorization",
+  "details": "## Summary\n\nEmpty approver lists could grant explicit approval authorization.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nFor helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization, allowing a sender outside the normal channel authorization gate to resolve pending approvals if they knew an approval id.\n\n## Technical Details\n\nThe fix prevents empty approver lists from granting explicit approval authorization and adds regression coverage for unauthorized senders.\n\n## Fix\n\nThe issue was fixed in #65714. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `0a105c0900de701d2ee9f1abc96b017afbd0afdd`\n- PR: #65714\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @anshumanbh for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.4.12"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/pull/65714"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T21:55:54Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-7g8c-cfr3-vqqr/GHSA-7g8c-cfr3-vqqr.json b/advisories/github-reviewed/2026/04/GHSA-7g8c-cfr3-vqqr/GHSA-7g8c-cfr3-vqqr.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7g8c-cfr3-vqqr",
+  "modified": "2026-04-17T21:55:21Z",
+  "published": "2026-04-17T21:55:20Z",
+  "aliases": [],
+  "summary": "OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input",
+  "details": "## Summary\n\nAgent hook events could enqueue trusted system events from unsanitized external input.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nAgent hook dispatch could turn externally supplied hook metadata into trusted system events, allowing untrusted input to enter the agent as higher-trust context.\n\n## Technical Details\n\nThe fix sanitizes hook names and marks agent hook system events as untrusted before enqueueing them.\n\n## Fix\n\nThe issue was fixed in #64372. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `e3a845bde5b54f4f1e742d0a51ba9860f9619b29`\n- PR: #64372\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.4.10"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/pull/64372"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T21:55:20Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-7wv4-cc7p-jhxc/GHSA-7wv4-cc7p-jhxc.json b/advisories/github-reviewed/2026/04/GHSA-7wv4-cc7p-jhxc/GHSA-7wv4-cc7p-jhxc.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7wv4-cc7p-jhxc",
+  "modified": "2026-04-17T21:56:12Z",
+  "published": "2026-04-17T21:56:12Z",
+  "aliases": [],
+  "summary": "OpenClaw: Workspace .env could inject OpenClaw runtime-control variables",
+  "details": "## Summary\n\nWorkspace .env could inject OpenClaw runtime-control variables.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.9`\n- Patched versions: `>= 2026.4.9`\n\n## Impact\n\nA malicious workspace `.env` file could set OpenClaw runtime-control variables affecting update sources, gateway URLs, ClawHub resolution, browser executable paths, and related behavior.\n\n## Technical Details\n\nThe fix blocks OpenClaw runtime-control keys and key families from workspace `.env` loading.\n\n## Fix\n\nThe issue was fixed in #62660. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `dbfcef319618158fa40b31cdac386ea34c392c0c`\n- PR: #62660\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.4.9"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/pull/62660"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-15"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T21:56:12Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-c9h3-5p7r-mrjh/GHSA-c9h3-5p7r-mrjh.json b/advisories/github-reviewed/2026/04/GHSA-c9h3-5p7r-mrjh/GHSA-c9h3-5p7r-mrjh.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c9h3-5p7r-mrjh",
+  "modified": "2026-04-17T21:56:04Z",
+  "published": "2026-04-17T21:56:04Z",
+  "aliases": [],
+  "summary": "OpenClaw: Discord event cover images bypassed sandbox media normalization",
+  "details": "## Summary\n\nDiscord event cover images bypassed sandbox media normalization.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.4.7 < 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nDiscord event cover image parameters could bypass the sandbox media normalization path used for outbound local media, allowing host-local media references to reach a channel action path that expected normalized media.\n\n## Technical Details\n\nThe fix includes Discord `eventCreate.image` in sandbox media normalization and adds coverage for the event-create media path.\n\n## Fix\n\nThe issue was fixed in #64377. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `979c6f09d6fad96596feb91c905934be7e0b4f15`\n- PR: #64377\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2026.4.7"
+            },
+            {
+              "fixed": "2026.4.10"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c9h3-5p7r-mrjh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/pull/64377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/979c6f09d6fad96596feb91c905934be7e0b4f15"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T21:56:04Z",
+    "nvd_published_at": null
+  }
+}
